Updated on 2024-12-16 GMT+08:00

Modifying a Security Group Rule

Scenarios

You can modify the port, protocol, and IP address of your security group rules as required to ensure the security of your instances.

Note that modifying a security group rule may interrupt your services or cause network security risks.

Notes and Constraints

Security group rules are like a whitelist. If there are no rules that allow or deny some traffic, the security group denies all traffic to or from the instances in the security group.
  • The inbound rules in Table 1 ensure that instances in the security group can communicate with each other. Do not modify these rules.
  • The outbound rules in Table 1 allow instances in the security group to access external networks. If you modify these rules, the instances in the security group cannot access external networks.
    Table 1 Security group rules

    Direction

    Action

    Type

    Protocol & Port

    Source/Destination

    Inbound

    Allow

    IPv4

    All

    Source: current security group

    Inbound

    Allow

    IPv6

    All

    Source: current security group

    Outbound

    Allow

    IPv4

    All

    Destination: 0.0.0.0/0

    Outbound

    Allow

    IPv6

    All

    Destination: ::/0

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner and select the desired region and project.
  3. Click in the upper left corner and choose Networking > Virtual Private Cloud.

    The Virtual Private Cloud page is displayed.

  4. In the navigation pane on the left, choose Access Control > Security Groups.

    The security group list is displayed.

  5. In the security group list, click the name of the security group.

    The security group details page is displayed.

  6. Click the Inbound Rules or Outbound Rules tab as required.

    The security group rule list is displayed.

  7. Locate the target rule and click Modify in the Operation column.
  8. Modify the security group rule information as prompted and click Confirm.