Create security group rule
Creates an OpenStack Networking security group rule.
URI
/v2.0/security-group-rules
HTTP method
POST
Request parameter
Key | Description | Type | Required/optional |
---|---|---|---|
direction | Ingress or egress: The direction in which the security group rule is applied. For a compute instance, an ingress security group rule is applied to incoming (ingress) traffic for that instance. An egress rule is applied to traffic leaving the instance. | xsd:string | Required |
port_range_min | The minimum port number in the range that is matched by the security group rule. When the protocol is TCP or UDP, this value must be less than or equal to the value of the port_range_max attribute. If this value is not specified, the security group rule matches all port numbers. If port_range_min is 0, all port numbers are allowed regardless of port_range_max. When the protocol is ICMP, this value must be an ICMP type. If this value is not specified, the security group rule matches all ICMP types. | xsd:int | Optional |
ethertype | Must be IPv4, and addresses represented in CIDR must match the ingress or egress rules. If this value is not specified, IPv4 is set. | xsd:string | Optional |
port_range_max | The maximum port number in the range that is matched by the security group rule. When the protocol is TCP or UDP, the port_range_min attribute constrains the port_range_max attribute. When the protocol is ICMP, this value must be an ICMP code. If this value is not specified, the security group rule matches all ICMP codes. | xsd:int | Optional |
protocol | The protocol that is matched by the security group rule. Valid values are null, tcp, udp, icmp, and integers between 0 and 255. | xsd:string | Optional |
remote_group_id | The remote group ID to be associated with this security group rule. You can specify either remote_group_id or remote_ip_prefix in the request body. | csapi:uuid | Optional |
security_group_id | The security group ID to associate with this security group rule. | csapi:uuid | Required |
remote_ip_prefix | The remote IP prefix to be associated with this security group rule. You can specify either remote_group_id or remote_ip_prefix in the request body. This attribute matches the specified IP prefix as the source or destination IP address of the IP packet. If direction is ingress, it matches the source address; otherwise it matches the destination address. | xsd:string | Optional |
Example request
{
    "security_group_rule": {
        "direction": "ingress",
        "port_range_min": "80",
        "ethertype": "IPv4",
        "port_range_max": "80",
        "protocol": "tcp",
        "remote_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
        "security_group_id": "a7734e61-b545-452d-a3cd-0189cbd9747a"
    }
}
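The request parameter constraints above can be checked before the POST is sent. The following pre-flight check is an added example, not part of the original API reference: `check_rule` and `SAMPLE` are hypothetical names, the warning for a /0 prefix is an addition, and the sketch assumes the port_range_min 0 case does not apply to ICMP, where the value is an ICMP type.

```python
import ipaddress

def check_rule(rule):
    """Check one security_group_rule dict; return (errors, warnings)."""
    errors, warnings = [], []
    if rule.get("direction") not in ("ingress", "egress"):
        errors.append("direction is required: ingress or egress")
    if not rule.get("security_group_id"):
        errors.append("security_group_id is required")
    if rule.get("ethertype", "IPv4") != "IPv4":
        errors.append("ethertype must be IPv4")
    proto = rule.get("protocol")
    proto = None if proto is None else str(proto).lower()
    if proto not in (None, "tcp", "udp", "icmp"):
        if not (proto.isdecimal() and int(proto) <= 255):
            errors.append("protocol must be null, tcp, udp, icmp or 0-255")
    # The remote side is one of the two keys, not both.
    group, prefix = rule.get("remote_group_id"), rule.get("remote_ip_prefix")
    if group is not None and prefix is not None:
        errors.append("remote_group_id and remote_ip_prefix are either/or")
    if prefix is not None:
        try:
            net = ipaddress.ip_network(prefix, strict=False)
            if net.version != 4:
                errors.append("remote_ip_prefix must match ethertype IPv4")
            elif net.prefixlen == 0:
                warnings.append("remote_ip_prefix matches every address")
        except ValueError:
            errors.append("remote_ip_prefix is not a valid CIDR")
    # Ports may arrive as strings ("80" in the page's example request).
    try:
        lo, hi = (None if v is None else int(v) for v in
                  (rule.get("port_range_min"), rule.get("port_range_max")))
    except (TypeError, ValueError):
        return errors + ["port_range_min/max must be integers"], warnings
    if proto in ("tcp", "udp") and None not in (lo, hi) and lo > hi:
        errors.append("port_range_min must be <= port_range_max")
    # Documented wide-open cases: unset minimum, or a minimum of 0.
    if lo is None:
        warnings.append("port_range_min unset: all ports or ICMP types match")
    elif lo == 0 and proto != "icmp":
        warnings.append("port_range_min 0: all ports allowed")
    return errors, warnings

# Constructed sample: world-open rule that also sets both remote keys.
SAMPLE = {"direction": "ingress", "protocol": "tcp", "port_range_min": 0,
          "port_range_max": 22, "remote_ip_prefix": "0.0.0.0/0",
          "remote_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
          "security_group_id": "a7734e61-b545-452d-a3cd-0189cbd9747a"}
```

Running `check_rule(SAMPLE)` returns one error (both remote keys set) and two warnings (the /0 prefix and the port_range_min of 0); the page's own example request passes with neither.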
Response status
Status code | Description |
---|---|
201 | Normal response codes |
badRequest (400) | Error response codes |
unauthorized (401) | Error response codes |
itemNotFound (404) | Error response codes |
buildInProgress (409) | Error response codes |
Response body (normal status)
{
    "security_group_rule": {
        "direction": "ingress",
        "ethertype": "IPv4",
        "id": "2bc0accf-312e-429a-956e-e4407625eb62",
        "port_range_max": 80,
        "port_range_min": 80,
        "protocol": "tcp",
        "remote_group_id": "85cc3048-abc3-43cc-89b3-377341426ac5",
        "remote_ip_prefix": null,
        "security_group_id": "a7734e61-b545-452d-a3cd-0189cbd9747a",
        "tenant_id": "e4f50856753b4dc6afee5fa6b9b6c550"
    }
}
Description of response body (normal status)
Item | Description |
---|---|
id | The security group rule ID. |
direction | Ingress or egress: The direction in which the security group rule is applied. For a compute instance, an ingress security group rule is applied to incoming (ingress) traffic for that instance. An egress rule is applied to traffic leaving the instance. |
port_range_min | The minimum port number in the range that is matched by the security group rule. When the protocol is TCP or UDP, if this value is not specified, the security group rule matches all port numbers. If port_range_min is 0, all port numbers are allowed regardless of port_range_max. When the protocol is ICMP, this value must be an ICMP type. If this value is null, the security group rule matches all ICMP types. |
ethertype | Must be IPv4 or IPv6, and addresses represented in CIDR must match the ingress or egress rules. |
port_range_max | The maximum port number in the range that is matched by the security group rule. When the protocol is ICMP, if this value is not specified, the security group rule matches all ICMP codes. |
protocol | The protocol that is matched by the security group rule. Valid values are null, tcp, udp, icmp, and integers between 0 and 255. |
remote_group_id | The remote group ID to be associated with this security group rule. |
security_group_id | The security group ID to associate with this security group rule. |
remote_ip_prefix | The remote IP prefix to be associated with this security group rule. This attribute matches the specified IP prefix as the source or destination IP address of the IP packet. If direction is ingress, it matches the source address; otherwise it matches the destination address. |