Creating a security group rule

This section explains how to create a security group rule.

Tip: For communication between virtual servers that can both use a security group, it is generally recommended that you specify the communication peer by its security group ID.
Tip: Communication between virtual servers that have the same security group set, including return traffic to a server, is permitted only if a rule explicitly allows it. To allow it, specify your own security group ID.
Tip: For ingress, specify the source IP address, and for egress, specify the destination IP address.
  1. Set the environment variables below as follows:
    $ DIRECTION=<communicDirection> (specify ingress or egress)
    $ PROTCOL=<communicProtocol> (specify tcp, udp, icmp or 0-65535)
    $ MIN_PORT_NUM=<minPortNum> (specify 0-65535)
    $ MAX_PORT_NUM=<maxPortNum> (specify 0-65535)
    $ SG_ID=<secGroupIdToAddRuleTo>
    $ REMOTE_IP=<ipAddressToAllow> (specify using a format such as XXX.XXX.XXX.0/24)

    or

    $ REMOTE_GROUP_ID=<secGroupIdToAllow>
  2. Execute the following API:
    $ curl -Ss $NETWORK/v2.0/security-group-rules -X POST \
    -H "X-Auth-Token: $OS_AUTH_TOKEN" -H "Content-Type: application/json" \
    -d '{"security_group_rule":{"direction": "'$DIRECTION'",
     "port_range_min": '$MIN_PORT_NUM',
     "port_range_max": '$MAX_PORT_NUM',"protocol": "'$PROTCOL'",
     "remote_ip_prefix": "'$REMOTE_IP'","security_group_id": "'$SG_ID'"}}' \
    | jq .

    or

    $ curl -Ss $NETWORK/v2.0/security-group-rules -X POST \
    -H "X-Auth-Token: $OS_AUTH_TOKEN" -H "Content-Type: application/json" \
    -d '{"security_group_rule":{"direction": "'$DIRECTION'",
     "port_range_min": '$MIN_PORT_NUM', "port_range_max": '$MAX_PORT_NUM',"protocol": "'$PROTCOL'",
     "remote_group_id": "'$REMOTE_GROUP_ID'",
     "security_group_id": "'$SG_ID'"}}' | jq .

    The following response is output:

    {
      "security_group_rule": {
        "remote_group_id": "<secGroupIdToAllow>",
        "direction": "<communicDirection>",
        "remote_ip_prefix": "<ipAddressToAllow>",
        "protocol": "<protocol>",
        "tenant_id": "<projId>",
        "port_range_max": <maxPortNum>,
        "security_group_id": "<secGroupIdWithNewRule>",
        "port_range_min": <minPortNum>,
        "ethertype": "IPv4",
        "id": "<secGroupRuleId>",
        "availability_zone": null
      }
    }
  3. List the security group rules to confirm that the rule has been created.
    $ curl -Ss $NETWORK/v2.0/security-group-rules -X GET \
    -H "X-Auth-Token: $OS_AUTH_TOKEN" | jq .

    If the output is a list that includes the security group rule you set, as follows, creation was successful.

    {
      "security_group_rules": [

        ...

        {
          "remote_group_id": "<secGroupIdToAllow>",
          "direction": "<communicDirection>",
          "remote_ip_prefix": "<ipAddressToAllow>",
          "protocol": "<protocol>",
          "tenant_id": "<projId>",
          "port_range_max": <maxPortNum>,
          "security_group_id": "<secGroupIdWithNewRule>",
          "port_range_min": <minPortNum>,
          "ethertype": "IPv4",
          "id": "<secGroupRuleId>"
        }

        ...

      ]
    }
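
The commands in step 2 splice the step 1 variables directly into the JSON body, so a mistyped value reaches the API unchecked. As an added example (not part of the original guide), the shell helper below checks each value against the ranges given in step 1 and requires exactly one of REMOTE_IP and REMOTE_GROUP_ID before it emits the body. The helper names are hypothetical, and the set of characters accepted in an ID is an assumption.

```shell
# Added example: validate the step 1 values, then build the step 2 request body.
# Helper names are hypothetical; the ID character set (hex digits, "-") is an assumption.

is_num16() {  # decimal 0-65535 without leading zeros, so the JSON number stays valid
  case "$1" in ''|*[!0-9]*|0?*) return 1 ;; esac
  [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

is_id() {
  case "$1" in ''|*[!0-9a-fA-F-]*) return 1 ;; esac
}

is_cidr() {  # a.b.c.d/len with octets 0-255 and len 0-32
  case "$1" in */*) ;; *) return 1 ;; esac
  cidr_addr=${1%/*}; cidr_len=${1##*/}
  case "$cidr_len" in ''|*[!0-9]*|???*) return 1 ;; esac
  [ "$cidr_len" -le 32 ] || return 1
  case "$cidr_addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $cidr_addr; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Args: DIRECTION PROTCOL MIN_PORT_NUM MAX_PORT_NUM SG_ID REMOTE_IP REMOTE_GROUP_ID
# (pass "" for whichever of the last two is not used)
build_sg_rule_body() {
  case "$1" in ingress|egress) ;; *) echo "direction: ingress or egress" >&2; return 1 ;; esac
  is_num16 "$3" && is_num16 "$4" || { echo "ports: 0-65535" >&2; return 1; }
  case "$2" in
    tcp|udp) [ "$3" -le "$4" ] || { echo "min port exceeds max port" >&2; return 1; } ;;
    icmp) ;;  # no ordering check: nothing is assumed about non-port protocols
    *) is_num16 "$2" || { echo "protocol: tcp, udp, icmp or 0-65535" >&2; return 1; } ;;
  esac
  is_id "$5" || { echo "SG_ID: unexpected characters" >&2; return 1; }
  if [ -n "$6" ] && [ -z "$7" ]; then
    is_cidr "$6" || { echo "REMOTE_IP: use a.b.c.d/len" >&2; return 1; }
    remote="\"remote_ip_prefix\":\"$6\""
  elif [ -z "$6" ] && [ -n "$7" ]; then
    is_id "$7" || { echo "REMOTE_GROUP_ID: unexpected characters" >&2; return 1; }
    remote="\"remote_group_id\":\"$7\""
  else
    echo "set exactly one of REMOTE_IP and REMOTE_GROUP_ID" >&2; return 1
  fi
  printf '{"security_group_rule":{"direction":"%s","port_range_min":%s,"port_range_max":%s,"protocol":"%s",%s,"security_group_id":"%s"}}\n' \
    "$1" "$3" "$4" "$2" "$remote" "$5"
}
```

Capture the output in a variable and pass it to the curl command in step 2 as the `-d` argument; a non-zero return means the request should not be sent.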