Create Security Group Rule

Request
Response

This operation requires a request body.

The following table describes the required and optional attributes in the request body:

Table 5.7. Create Security Group Rule Request Attributes
Attribute	Required	Description
direction	Required	Ingress or egress: The direction in which the security group rule is applied. For a compute instance, an ‘ingress’ security group rule matches traffic that is incoming (ingress) for that instance. An ‘egress’ rule is applied to traffic leaving the instance.
security_group_id	Required	The security group ID to associate with this security group rule.
port_range_min	Optional	The minimum port number in the range that is matched by the security group rule. If the protocol is TCP or UDP, this value must be less than or equal to the value of the port_range_max attribute. If the protocol is ICMP, this value must be an ICMP type.
port_range_max	Optional	The maximum port number in the range that is matched by the security group rule. The port_range_min attribute constrains the port_range_max attribute. If the protocol is ICMP, this value must be an ICMP type.
protocol	Optional	The protocol that is matched by the security group rule. Valid values are null, tcp, udp, and icmp.
remote_group_id	Optional	The remote group ID to be associated with this security group rule. You can specify either remote_group_id or remote_ip_prefix in the request body.
remote_ip_prefix	Optional	The remote IP prefix to be associated with this security group rule. You can specify either remote_group_id or remote_ip_prefix in the request body. This attribute matches the specified IP prefix as the source IP address of the IP packet.

This operation returns a response body.

Method	URI	Description
POST	`/security-group-rules`	Creates an OpenStack Networking security group rule.

Normal Response Code(s): 201

Error Response Code(s): badRequest (400), unauthorized (401), itemNotFound (404), buildInProgress (409)

Request

Example 5.59. Create Security Group Rule Request: JSON

POST /v2.0/security-groups.json
Accept: application/json
{
   "security_group":{
      "name":"new-webservers",
      "description":"security group for webservers"
   }
}

Response

Example 5.60. Create Security Group Rule Response: JSON

{
   "security_group":{
      "description":"security group for webservers",
      "id":"2076db17-a522-4506-91de-c6dd8e837028",
      "name":"new-webservers",
      "security_group_rules":[
         {
            "direction":"egress",
            "ethertype":"IPv4",
            "id":"38ce2d8e-e8f1-48bd-83c2-d33cb9f50c3d",
            "port_range_max":null,
            "port_range_min":null,
            "protocol":null,
            "remote_group_id":null,
            "remote_ip_prefix":null,
            "security_group_id":"2076db17-a522-4506-91de-c6dd8e837028",
            "tenant_id":"e4f50856753b4dc6afee5fa6b9b6c550"
         },
         {
            "direction":"egress",
            "ethertype":"IPv6",
            "id":"565b9502-12de-4ffd-91e9-68885cff6ae1",
            "port_range_max":null,
            "port_range_min":null,
            "protocol":null,
            "remote_group_id":null,
            "remote_ip_prefix":null,
            "security_group_id":"2076db17-a522-4506-91de-c6dd8e837028",
            "tenant_id":"e4f50856753b4dc6afee5fa6b9b6c550"
         }
      ],
      "tenant_id":"e4f50856753b4dc6afee5fa6b9b6c550"
   }
}

Log a bug against this page

Legal notices

Prev	Up	Next
	Home