Modifying a Security Group Rule

Scenarios

You can modify the port, protocol, and IP address of your security group rules as required to ensure the security of your instances.

Notes and Constraints

Note that modifying a security group rule may interrupt your services or cause network security risks.

Security group rules are like a whitelist. If there are no rules that allow or deny some traffic, the security group denies all traffic to or from the instances in the security group

The inbound rules in Table 1 ensure that instances in the security group can communicate with each other. Do not modify these rules.

The outbound rules in Table 1 allow instances in the security group to access external networks. If you modify these rules, the instances in the security group cannot access external networks.

**Table 1** Security group rules
Direction	Action	Type	Protocol & Port	Source/Destination
Inbound	Allow	IPv4	All	Source: current security group
Inbound	Allow	IPv6	All	Source: current security group
Outbound	Allow	IPv4	All	Destination: 0.0.0.0/0
Outbound	Allow	IPv6	All	Destination: ::/0

Procedure

Log in to the management console.
Click in the upper left corner and select the desired region and project.
Click in the upper left corner and choose Networking > Virtual Private Cloud.
The Virtual Private Cloud page is displayed.
In the navigation pane on the left, choose Access Control > Security Groups.
The security group list is displayed.
In the security group list, click the name of the security group.
The security group details page is displayed.
Click the Inbound Rules or Outbound Rules tab as required.
The security group rule list is displayed.
Locate the target rule and click Modify in the Operation column.
Modify the security group rule information as prompted and click Confirm.