Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

2.298. openstack security group rule create

usage: openstack security group rule create [-h]
                                            [-f {json,shell,table,value,yaml}]
                                            [-c COLUMN]
                                            [--max-width <integer>]
                                            [--noindent] [--prefix PREFIX]
                                            [--src-ip <ip-address> | --src-group <group>]
                                            [--dst-port <port-range>]
                                            [--icmp-type <icmp-type>]
                                            [--icmp-code <icmp-code>]
                                            [--protocol <protocol>]
                                            [--ingress | --egress]
                                            [--ethertype <ethertype>]
                                            [--project <project>]
                                            [--project-domain <project-domain>]
                                            <group>
Copy to Clipboard Toggle word wrap
Create a new security group rule

Positional arguments

<group>


        Create rule in this security group (name or ID)

Optional arguments

-h, --help


        show this help message and exit

--src-ip <ip-address>


      Source IP address block (may use CIDR notation;
      default for IPv4 rule: 0.0.0.0/0)

--src-group <group>


        Source security group (name or ID)

--dst-port <port-range>


      Destination port, may be a single port or a starting
      and ending port range: 137:139. Required for IP
      protocols TCP and UDP. Ignored for ICMP IP protocols.

--icmp-type <icmp-type>


      ICMP type for ICMP IP protocols

--icmp-code <icmp-code>


      ICMP code for ICMP IP protocols

--protocol <protocol>


      IP protocol (ah, dccp, egp, esp, gre, icmp, igmp,
      ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt,
      ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp,
      udp, udplite, vrrp and integer representations
      [0-255]; default: tcp)

--ingress


        Rule applies to incoming network traffic (default)

--egress


        Rule applies to outgoing network traffic

--ethertype <ethertype>


      Ethertype of network traffic (IPv4, IPv6; default:
      based on IP protocol)

--project <project>


        Owner's project (name or ID)

--project-domain <project-domain>


      Domain the project belongs to (name or ID). This can
      be used in case collisions between project names
      exist.

Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat