Deleting One or More Security Group Rules

Scenarios

If you no longer need one or more security group rules to control the traffic to and from the instances in a security group, you can delete them.

To delete a security group rule, see Deleting a Security Group Rule.

To delete multiple security group rules at a time:

If there are a small number of rules to be deleted, you can select these rules in the rule list on the console by referring to Deleting Multiple Security Group Rules Directly on the Console.
If there are a large number of rules to be deleted, you can export the rule list to a local Excel file, only keep the rules you want to delete, and import the file to the console. The system then selects the rules to be deleted based on the imported file. For details, see Deleting Multiple Security Group Rules Using an Excel File.

Notes and Constraints

Note that deleting a security group rule may interrupt your services or cause network security risks.

Security group rules are like a whitelist. If there are no rules that allow or deny specific traffic, the security group denies all traffic to or from the instances in it.

The inbound rules in Table 1 ensure that instances in the security group can communicate with each other. Do not delete these rules.

The outbound rules in Table 1 allow instances in the security group to access external networks. If you delete these rules, the instances in the security group cannot access external networks.

**Table 1** Security group rules
Direction	Action	Type	Protocol & Port	Source/Destination
Inbound	Allow	IPv4	All	Source: current security group
Inbound	Allow	IPv6	All	Source: current security group
Outbound	Allow	IPv4	All	Destination: 0.0.0.0/0
Outbound	Allow	IPv6	All	Destination: ::/0

Deleting a Security Group Rule

Click in the upper left corner and select the desired region and project.
Click in the upper left corner and choose Networking > Virtual Private Cloud.
The Virtual Private Cloud page is displayed.
In the navigation pane on the left, choose Access Control > Security Groups.
The security group list is displayed.
In the security group list, click the name of the security group.
The security group details page is displayed.
Click the Inbound Rules or Outbound Rules tab as required.
The security group rule list is displayed.
Locate the target rule and click Delete in the Operation column.
A confirmation dialog box is displayed.
Click OK.

Deleting Multiple Security Group Rules Directly on the Console

Click in the upper left corner and select the desired region and project.
Click in the upper left corner and choose Networking > Virtual Private Cloud.
The Virtual Private Cloud page is displayed.
In the navigation pane on the left, choose Access Control > Security Groups.
The security group list is displayed.
In the security group list, click the name of the security group.
The security group details page is displayed.
Click the Inbound Rules or Outbound Rules tab as required.
The security group rule list is displayed.
In the security group rule list, select the target security group rules and click Delete up above the upper left corner of the list.
A confirmation dialog box is displayed.
Click OK.

Deleting Multiple Security Group Rules Using an Excel File

Click in the upper left corner and select the desired region and project.
Click in the upper left corner and choose Networking > Virtual Private Cloud.
The Virtual Private Cloud page is displayed.
In the navigation pane on the left, choose Access Control > Security Groups.
The security group list is displayed.
In the security group list, click the name of the security group.
The security group details page is displayed.
Click the Inbound Rules or Outbound Rules tab as required.
The security group rule list is displayed.

In the upper left corner above the security group rule list, click Batch Operations.
The Batch Operations dialog box is displayed.
Select either of the following methods:
- Method 1: Click Download Template to download the Excel file to your local PC and fill in the security group rules to be enabled or disabled in the file.
- Method 2: Export the existing rules to a local Excel file, filter the target rules and keep them as they are, and save the file.
After the Excel file is ready, take step 9. The system then automatically selects the target rules based on the imported file.
In the Batch Operations dialog box, click Select File.
The system starts to match the rules in the Excel file against existing security group rules based on the priority, action, type, protocol & port, source, and destination.
- If a rule in the Excel file matches an existing rule, Verified is displayed in the Result column. Only the matched rules can be enabled or disabled.
- If a rule fails to be matched, the causes will be displayed in the Result column. The possible causes are as follows:
  - There is no such rule in this security group.
  - Inconsistent rule direction. For example, you perform the operation on outbound rules on the Inbound Rules tab, or the other way around.
  - Duplicate rules in the Excel file. The system automatically filters out the duplicate rules.
Confirm the rules and click OK.
The security group rule list page is displayed and the target rules are selected automatically.
In the upper left corner above the security group rule list, click Delete.
A confirmation dialog box is displayed.
Click OK.