Updated on 2022-08-18 GMT+08:00

Adding a Security Group Rule

Scenarios

After you create a security group, you can add rules to the security group. A rule applies either to inbound traffic or outbound traffic. After you add cloud resources to the security group, they are protected by the rules of the group.

  • Inbound rules control incoming traffic to ECSs associated with the security group.
  • Outbound rules control outgoing traffic from ECSs associated with the security group.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner and select the desired region and project.
  3. On the console homepage, under Network, click Virtual Private Cloud.
  4. In the navigation pane on the left, choose Access Control > Security Groups.
  5. On the Security Groups page, locate the target security group and click Manage Rule in the Operation column to switch to the page for managing inbound and outbound rules.
  6. On the Inbound Rules tab, click Add Rule. In the displayed dialog box, set required parameters.

    You can click + to add more inbound rules.

    Table 1 Inbound rule parameter descriptions

    Parameter

    Description

    Example Value

    Protocol & Port

    Protocol: specifies the network protocol. The option can be All, TCP, UDP, ICMP, or GRE.

    Custom TCP

    Port: specifies the port or port range over which the traffic can reach your ECS. Ports 1 to 65535 are all allowed.

    22, or 22-30

    Source

    Specifies the source of the security group rule. The source can be another security group or a single IP address. For example:

    • xxx.xxx.xxx.xxx/32 (IPv4 address)
    • xxx.xxx.xxx.0/24 (subnet CIDR block)
    • 0.0.0.0/0 (any IP address)
    • sg-abc (security group)

    0.0.0.0/0

    Description

    (Optional) Provides supplementary information about the security group rule.

    The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >).

    N/A

  7. On the Outbound Rules tab, click Add Rule. In the displayed dialog box, set required parameters.

    You can click + to add more outbound rules.

    Table 2 Outbound rule parameter descriptions

    Parameter

    Description

    Example Value

    Protocol & Port

    Protocol: specifies the network protocol. The option can be All, TCP, UDP, ICMP, or GRE.

    Custom TCP

    Port: specifies the port or port range over which the traffic can leave your ECS.

    Supported range: 1 to 65535

    22, or 22-30

    Source

    Specifies the source of the security group rule. The source can be another security group or a single IP address. For example:

    • xxx.xxx.xxx.xxx/32 (IPv4 address)
    • xxx.xxx.xxx.0/24 (subnet CIDR block)
    • 0.0.0.0/0 (any IP address)
    • sg-abc (security group)

    0.0.0.0/0

    Description

    (Optional) Provides supplementary information about the security group rule.

    The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >).

    N/A

  8. Click OK.