User Guide (ME-Abu Dhabi Region)
Adding a Security Group Rule
Scenarios
A security group is a collection of access control rules for cloud resources, such as cloud servers, containers, and databases, to control inbound and outbound traffic. Cloud resources associated with the same security group have the same security requirements and are mutually trusted within a VPC.
If the rules of the security group associated with your instance cannot meet your requirements, for example, you need to allow inbound traffic on a specified TCP port, you can add an inbound rule.
- Inbound rules control incoming traffic to cloud resources in the security group.
- Outbound rules control outgoing traffic from cloud resources in the security group.
For details about the default security group rules, see Default Security Groups and Security Group Rules. For details about security group rule configuration examples, see Security Group Configuration Examples.
Prerequisites
- A security group has been created. For details about how to create a security group, see Creating a Security Group.
- You have planned the public or private networks that can or cannot access instances, such as ECSs. For more examples of security group rules, see Security Group Configuration Examples.
Procedure
- Log in to the management console.
- Click the icon in the upper left corner and select the desired region and project.
- On the console homepage, under Networking, click Virtual Private Cloud.
- In the navigation pane on the left, choose Access Control > Security Groups.
- On the Security Groups page, locate the target security group and click Manage Rule in the Operation column to switch to the page for managing inbound and outbound rules.
- On the Inbound Rules tab, click Add Rule. In the displayed dialog box, set required parameters to add an inbound rule. You can click + to add more inbound rules.

Figure 1 Add Inbound Rule

Table 1 Inbound rule parameter description

| Parameter | Description | Example Value |
| --- | --- | --- |
| Priority | The security group rule priority.<br>The priority value ranges from 1 to 100. The default value is 1 and has the highest priority. The security group rule with a smaller value has a higher priority. | 1 |
| Action | The security group rule actions.<br>Deny rules take precedence over allow rules of the same priority. | Allow |
| Protocol & Port | Protocol: The network protocol. Currently, the value can be All, TCP, UDP, ICMP, GRE, or others. | TCP |
| | Port: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535.<br>Enter ports in the following format:<br>- Individual port: Enter a port, such as 22.<br>- Consecutive ports: Enter a port range, such as 22-30.<br>- Non-consecutive ports: Enter ports and port ranges, such as 22,23-30. You can enter a maximum of 20 ports and port ranges. Each port range must be unique.<br>- All ports: Leave it empty or enter 1-65535. | 22, or 22-30 |
| Type | The IP address type. This parameter is available only after the IPv6 function is enabled.<br>- IPv4<br>- IPv6 | IPv4 |
| Source | The source of the security group rule. The value can be a single IP address, an IP address group, or a security group to allow access from the IP address or instances in the security group. For example:<br>- Single IP address: 192.168.10.10/32 (IPv4); 2002:50::44/127 (IPv6)<br>- IP address range: 192.168.1.0/24 (IPv4); 2407:c080:802:469::/64 (IPv6)<br>- All IP addresses: 0.0.0.0/0 (IPv4); ::/0 (IPv6)<br>- Security group: sg-abc<br>- IP address group: ipGroup-test<br>If the source is a security group, this rule will apply to all instances associated with the selected security group.<br>For more information about IP address groups, see IP Address Group Overview. | 0.0.0.0/0 |
| Description | Supplementary information about the security group rule. This parameter is optional.<br>The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | N/A |
- On the Outbound Rules tab, click Add Rule. In the displayed dialog box, set required parameters to add an outbound rule. You can click + to add more outbound rules.

Figure 2 Add Outbound Rule

Table 2 Outbound rule parameter description

| Parameter | Description | Example Value |
| --- | --- | --- |
| Priority | The security group rule priority.<br>The priority value ranges from 1 to 100. The default value is 1 and has the highest priority. The security group rule with a smaller value has a higher priority. | 1 |
| Action | The security group rule actions.<br>- Allow: Allows outbound traffic from instances in the security group based on the rule.<br>- Deny: Denies outbound traffic from instances in the security group based on the rule.<br>Deny rules take precedence over allow rules of the same priority. | Allow |
| Protocol & Port | Protocol: The network protocol. Currently, the value can be All, TCP, UDP, ICMP, GRE, or others. | TCP |
| | Port: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. | 22, or 22-30 |
| Type | The IP address type.<br>- IPv4<br>- IPv6 | IPv4 |
| Destination | The destination of the security group rule. The value can be a single IP address, an IP address group, or a security group to allow access to the IP address or instances in the security group. For example:<br>- Single IP address: 192.168.10.10/32 (IPv4); 2002:50::44/127 (IPv6)<br>- IP address range: 192.168.1.0/24 (IPv4); 2407:c080:802:469::/64 (IPv6)<br>- All IP addresses: 0.0.0.0/0 (IPv4); ::/0 (IPv6)<br>- Security group: sg-abc<br>- IP address group: ipGroup-test<br>For more information about IP address groups, see IP Address Group Overview. | 0.0.0.0/0 |
| Description | Supplementary information about the security group rule. This parameter is optional.<br>The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | N/A |
- Click OK.
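
The priority, action and port-format rules in Tables 1 and 2 can be checked offline before a rule set is entered in the console. The following is an added example, not Huawei Cloud code or an API of the service: it parses the documented port formats, picks the winning rule for a connection, and lists allow rules that open ports 22 or 3389 to all addresses. The names `Rule`, `parse_ports`, `evaluate` and `world_open_admin_ports` are hypothetical; the sketch assumes that unmatched traffic is denied, reads "each port range must be unique" as "no duplicate entries", and models CIDR sources only.

```python
import ipaddress
from dataclasses import dataclass

MAX_PORT_ENTRIES = 20  # "maximum of 20 ports and port ranges" (Table 1)


def parse_ports(spec):
    """Parse '22', '22-30', '22,23-30' or '' (all ports) into (low, high) pairs."""
    spec = spec.strip()
    if not spec:
        return [(1, 65535)]
    entries = [e.strip() for e in spec.split(",")]
    if len(entries) > MAX_PORT_ENTRIES:
        raise ValueError("more than 20 ports and port ranges")
    ranges = []
    for entry in entries:
        low, sep, high = entry.partition("-")
        lo = int(low)                    # ValueError on empty or non-numeric input
        hi = int(high) if sep else lo
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"port outside 1-65535 or reversed range: {entry!r}")
        if (lo, hi) in ranges:           # assumption: "unique" means no duplicates
            raise ValueError(f"duplicate entry: {entry!r}")
        ranges.append((lo, hi))
    return ranges


@dataclass(frozen=True)
class Rule:
    priority: int   # 1-100, a smaller value has a higher priority
    action: str     # "allow" or "deny"
    protocol: str   # "tcp", "udp" or "all" (ICMP/GRE are not modeled here)
    ports: str      # port specification as typed in the console
    source: str     # CIDR only; security-group and IP-address-group sources not modeled

    def matches(self, protocol, port, src_ip):
        if self.protocol not in ("all", protocol):
            return False
        net = ipaddress.ip_network(self.source, strict=False)
        addr = ipaddress.ip_address(src_ip)
        if addr.version != net.version or addr not in net:
            return False                 # 0.0.0.0/0 does not cover IPv6 sources
        return any(lo <= port <= hi for lo, hi in parse_ports(self.ports))


def evaluate(rules, protocol, port, src_ip):
    """Return the winning action; 'deny' when no rule matches (assumption)."""
    hits = [r for r in rules if r.matches(protocol, port, src_ip)]
    if not hits:
        return "deny"
    # Smaller priority value wins; at equal priority a deny rule beats an allow rule.
    return min(hits, key=lambda r: (r.priority, r.action != "deny")).action


def world_open_admin_ports(rules, sensitive=(22, 3389)):
    """List (port, source) for allow rules that open a sensitive port to all addresses."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        if ipaddress.ip_network(r.source, strict=False).prefixlen != 0:
            continue
        ranges = parse_ports(r.ports)
        findings += [(p, r.source) for p in sensitive
                     if any(lo <= p <= hi for lo, hi in ranges)]
    return findings


# Constructed sample inbound rules, not exported from a real security group.
RULES = [
    Rule(1, "allow", "tcp", "80,443", "0.0.0.0/0"),
    Rule(1, "allow", "tcp", "22", "0.0.0.0/0"),
    Rule(1, "deny", "tcp", "22", "198.51.100.0/24"),
    Rule(5, "deny", "tcp", "3389", "0.0.0.0/0"),
    Rule(10, "allow", "tcp", "3389", "192.168.1.0/24"),
]

if __name__ == "__main__":
    for probe in [("tcp", 22, "198.51.100.9"), ("tcp", 3389, "192.168.1.5"),
                  ("tcp", 443, "2001:db8::7")]:
        print(probe, "->", evaluate(RULES, *probe))
    print("world-open admin ports:", world_open_admin_ports(RULES))
```

In the sample, the priority 10 allow rule for port 3389 never takes effect because the priority 5 deny rule matches the same traffic first, and the port 22 rule with source 0.0.0.0/0 is reported as open to all IPv4 addresses.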
Verification
After required security group rules are added, you can verify that the rules take effect. For example, you have deployed a website on ECSs. Users need to access your website over TCP (port 80), and you have added the security group rule shown in Table 3.
Linux ECS
To verify the security group rule on a Linux ECS:
- Log in to the ECS.
- Run the following command to check whether TCP port 80 is being listened on:
netstat -an | grep 80
If command output shown in Figure 3 is displayed, TCP port 80 is being listened on.
- Enter http://ECS EIP in the address box of the browser and press Enter.
If the requested page can be accessed, the security group rule has taken effect.
Windows ECS
To verify the security group rule on a Windows ECS:
- Log in to the ECS.
- Choose Start > Accessories > Command Prompt.
- Run the following command to check whether TCP port 80 is being listened on:
netstat -an | findstr 80
If command output shown in Figure 4 is displayed, TCP port 80 is being listened on.
- Enter http://ECS EIP in the address box of the browser and press Enter.
If the requested page can be accessed, the security group rule has taken effect.
Related Operations
Allow Common Ports
You can click Allow Common Ports to allow traffic on some common ports, such as ports 21, 22, 3389, 80, 443, and 20.
