Chapter 33. firewall


This chapter describes the commands under the firewall command.

33.1. firewall group create

Usage:

openstack firewall group create [-h] [-f {json,shell,table,value,yaml}]

                                     [-c COLUMN] [--max-width <integer>]
                                     [--fit-width] [--print-empty]
                                     [--noindent] [--prefix PREFIX]
                                     [--name NAME]
                                     [--description <description>]
                                     [--ingress-firewall-policy <ingress-firewall-policy> | --no-ingress-firewall-policy]
                                     [--egress-firewall-policy <egress-firewall-policy> | --no-egress-firewall-policy]
                                     [--public | --private | --share | --no-share]
                                     [--enable | --disable]
                                     [--project <project>]
                                     [--project-domain <project-domain>]
                                     [--port <port> | --no-port]
Copy to Clipboard Toggle word wrap

Create a new firewall group

Expand
Table 33.1. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

--name NAME

Name for the firewall group

--description <description>

Description of the firewall group

--ingress-firewall-policy <ingress-firewall-policy>

Ingress firewall policy (name or ID)

--no-ingress-firewall-policy

Detach ingress firewall policy from the firewall group

--egress-firewall-policy <egress-firewall-policy>

Egress firewall policy (name or ID)

--no-egress-firewall-policy

Detach egress firewall policy from the firewall group

--public

Make the firewall group public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project). This option is deprecated and would be removed in R release.

--private

Restrict use of the firewall group to the current project. This option is deprecated and would be removed in R release.

--share

Share the firewall group to be used in all projects (by default, it is restricted to be used by the current project).

--no-share

Restrict use of the firewall group to the current project

--enable

Enable firewall group

--disable

Disable firewall group

--project <project>

Owner’s project (name or id)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

--port <port>

Port(s) (name or id) to apply firewall group. this option can be repeated

--no-port

Detach all port from the firewall group

Expand
Table 33.2. Output Formatters
ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated

Expand
Table 33.3. Table Formatter
ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

Expand
Table 33.4. JSON Formatter
ValueSummary

--noindent

Whether to disable indenting the json

Expand
Table 33.5. shell formatter
ValueSummary

--prefix PREFIX

Add a prefix to all variable names

This command is provided by the python-neutronclient plugin.

33.2. firewall group delete

Usage:

openstack firewall group delete [-h]

                                     <firewall-group> [<firewall-group> ...]
Copy to Clipboard Toggle word wrap

Delete firewall group(s)

Expand
Table 33.6. Positional Arguments
ValueSummary

<firewall-group>

Firewall group(s) to delete (name or id)

Expand
Table 33.7. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

This command is provided by the python-neutronclient plugin.

33.3. firewall group list

Usage:

openstack firewall group list [-h] [-f {csv,json,table,value,yaml}]

                                   [-c COLUMN] [--max-width <integer>]
                                   [--fit-width] [--print-empty]
                                   [--noindent]
                                   [--quote {all,minimal,none,nonnumeric}]
                                   [--sort-column SORT_COLUMN] [--long]
Copy to Clipboard Toggle word wrap

List firewall groups

Expand
Table 33.8. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

--long

List additional fields in output

Expand
Table 33.9. Output Formatters
ValueSummary

-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml}

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated

--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

Expand
Table 33.10. Table Formatter
ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

Expand
Table 33.11. JSON Formatter
ValueSummary

--noindent

Whether to disable indenting the json

Expand
Table 33.12. CSV Formatter
ValueSummary

--quote {all,minimal,none,nonnumeric}

when to include quotes, defaults to nonnumeric

This command is provided by the python-neutronclient plugin.

33.4. firewall group policy add rule

Usage:

openstack firewall group policy add rule [-h]

                                              [--insert-before <firewall-rule>]
                                              [--insert-after <firewall-rule>]
                                              <firewall-policy>
                                              <firewall-rule>
Copy to Clipboard Toggle word wrap

Insert a rule into a given firewall policy

Expand
Table 33.13. Positional Arguments
ValueSummary

<firewall-policy>

Firewall policy to insert rule (name or id)

<firewall-rule>

Firewall rule to be inserted (name or id)

Expand
Table 33.14. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

--insert-before <firewall-rule>

Insert the new rule before this existing rule (name or ID)

--insert-after <firewall-rule>

Insert the new rule after this existing rule (name or ID)

This command is provided by the python-neutronclient plugin.

33.5. firewall group policy create

Usage:

openstack firewall group policy create [-h]

                                            [-f {json,shell,table,value,yaml}]
                                            [-c COLUMN]
                                            [--max-width <integer>]
                                            [--fit-width] [--print-empty]
                                            [--noindent] [--prefix PREFIX]
                                            [--description DESCRIPTION]
                                            [--audited | --no-audited]
                                            [--share | --public | --private | --no-share]
                                            [--project <project>]
                                            [--project-domain <project-domain>]
                                            [--firewall-rule <firewall-rule> | --no-firewall-rule]
                                            <name>
Copy to Clipboard Toggle word wrap

Create a new firewall policy

Expand
Table 33.15. Positional Arguments
ValueSummary

<name>

Name for the firewall policy

Expand
Table 33.16. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

--description DESCRIPTION

Description of the firewall policy

--audited

Enable auditing for the policy

--no-audited

Disable auditing for the policy

--share

Share the firewall policy to be used in all projects (by default, it is restricted to be used by the current project).

--public

Make the firewall policy public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project.) This option is deprecated and would be removed in R release.

--private

Restrict use of the firewall policy to the current project.This option is deprecated and would be removed in R release.

--no-share

Restrict use of the firewall policy to the current project

--project <project>

Owner’s project (name or id)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

--firewall-rule <firewall-rule>

Firewall rule(s) to apply (name or ID)

--no-firewall-rule

Unset all firewall rules from firewall policy

Expand
Table 33.17. Output Formatters
ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated

Expand
Table 33.18. Table Formatter
ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

Expand
Table 33.19. JSON Formatter
ValueSummary

--noindent

Whether to disable indenting the json

Expand
Table 33.20. shell formatter
ValueSummary

--prefix PREFIX

Add a prefix to all variable names

This command is provided by the python-neutronclient plugin.

33.6. firewall group policy delete

Usage:

openstack firewall group policy delete [-h]

                                            <firewall-policy>
                                            [<firewall-policy> ...]
Copy to Clipboard Toggle word wrap

Delete firewall policy(s)

Expand
Table 33.21. Positional Arguments
ValueSummary

<firewall-policy>

Firewall policy(s) to delete (name or id)

Expand
Table 33.22. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

This command is provided by the python-neutronclient plugin.

33.7. firewall group policy list

Usage:

openstack firewall group policy list [-h]

                                          [-f {csv,json,table,value,yaml}]
                                          [-c COLUMN]
                                          [--max-width <integer>]
                                          [--fit-width] [--print-empty]
                                          [--noindent]
                                          [--quote {all,minimal,none,nonnumeric}]
                                          [--sort-column SORT_COLUMN]
                                          [--long]
Copy to Clipboard Toggle word wrap

List firewall policies

Expand
Table 33.23. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

--long

List additional fields in output

Expand
Table 33.24. Output Formatters
ValueSummary

-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml}

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated

--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

Expand
Table 33.25. Table Formatter
ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

Expand
Table 33.26. JSON Formatter
ValueSummary

--noindent

Whether to disable indenting the json

Expand
Table 33.27. CSV Formatter
ValueSummary

--quote {all,minimal,none,nonnumeric}

when to include quotes, defaults to nonnumeric

This command is provided by the python-neutronclient plugin.

33.8. firewall group policy remove rule

Usage:

openstack firewall group policy remove rule [-h]

                                                 <firewall-policy>
                                                 <firewall-rule>
Copy to Clipboard Toggle word wrap

Remove a rule from a given firewall policy

Expand
Table 33.28. Positional Arguments
ValueSummary

<firewall-policy>

Firewall policy to remove rule (name or id)

<firewall-rule>

Firewall rule to remove from policy (name or id)

Expand
Table 33.29. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

This command is provided by the python-neutronclient plugin.

33.9. firewall group policy set

Usage:

openstack firewall group policy set [-h] [--description DESCRIPTION]

                                         [--audited | --no-audited]
                                         [--share | --public | --private | --no-share]
                                         [--name <name>]
                                         [--firewall-rule <firewall-rule>]
                                         [--no-firewall-rule]
                                         <firewall-policy>
Copy to Clipboard Toggle word wrap

Set firewall policy properties

Expand
Table 33.30. Positional Arguments
ValueSummary

<firewall-policy>

Firewall policy to update (name or id)

Expand
Table 33.31. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

--description DESCRIPTION

Description of the firewall policy

--audited

Enable auditing for the policy

--no-audited

Disable auditing for the policy

--share

Share the firewall policy to be used in all projects (by default, it is restricted to be used by the current project).

--public

Make the firewall policy public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project.) This option is deprecated and would be removed in R release.

--private

Restrict use of the firewall policy to the current project.This option is deprecated and would be removed in R release.

--no-share

Restrict use of the firewall policy to the current project

--name <name>

Name for the firewall policy

--firewall-rule <firewall-rule>

Firewall rule(s) to apply (name or ID)

--no-firewall-rule

Remove all firewall rules from firewall policy

This command is provided by the python-neutronclient plugin.

33.10. firewall group policy show

Usage:

openstack firewall group policy show [-h]

                                          [-f {json,shell,table,value,yaml}]
                                          [-c COLUMN]
                                          [--max-width <integer>]
                                          [--fit-width] [--print-empty]
                                          [--noindent] [--prefix PREFIX]
                                          <firewall-policy>
Copy to Clipboard Toggle word wrap

Display firewall policy details

Expand
Table 33.32. Positional Arguments
ValueSummary

<firewall-policy>

Firewall policy to show (name or id)

Expand
Table 33.33. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

Expand
Table 33.34. Output Formatters
ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated

Expand
Table 33.35. Table Formatter
ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

Expand
Table 33.36. JSON Formatter
ValueSummary

--noindent

Whether to disable indenting the json

Expand
Table 33.37. shell formatter
ValueSummary

--prefix PREFIX

Add a prefix to all variable names

This command is provided by the python-neutronclient plugin.

33.11. firewall group policy unset

Usage:

openstack firewall group policy unset [-h]

                                           [--firewall-rule <firewall-rule> | --all-firewall-rule]
                                           [--audited] [--share] [--public]
                                           <firewall-policy>
Copy to Clipboard Toggle word wrap

Unset firewall policy properties

Expand
Table 33.38. Positional Arguments
ValueSummary

<firewall-policy>

Firewall policy to unset (name or id)

Expand
Table 33.39. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

--firewall-rule <firewall-rule>

Remove firewall rule(s) from the firewall policy (name or ID)

--all-firewall-rule

Remove all firewall rules from the firewall policy

--audited

Disable auditing for the policy

--share

Restrict use of the firewall policy to the current project

--public

Restrict use of the firewall policy to the current project. This option is deprecated and would be removed in R release.

This command is provided by the python-neutronclient plugin.

33.12. firewall group rule create

Usage:

openstack firewall group rule create [-h]

                                          [-f {json,shell,table,value,yaml}]
                                          [-c COLUMN]
                                          [--max-width <integer>]
                                          [--fit-width] [--print-empty]
                                          [--noindent] [--prefix PREFIX]
                                          [--name <name>]
                                          [--description <description>]
                                          [--protocol {tcp,udp,icmp,any}]
                                          [--action {allow,deny,reject}]
                                          [--ip-version <ip-version>]
                                          [--source-ip-address <source-ip-address> | --no-source-ip-address]
                                          [--destination-ip-address <destination-ip-address> | --no-destination-ip-address]
                                          [--source-port <source-port> | --no-source-port]
                                          [--destination-port <destination-port> | --no-destination-port]
                                          [--public | --private | --share | --no-share]
                                          [--enable-rule | --disable-rule]
                                          [--project <project>]
                                          [--project-domain <project-domain>]
Copy to Clipboard Toggle word wrap

Create a new firewall rule

Expand
Table 33.40. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

--name <name>

Name of the firewall rule

--description <description>

Description of the firewall rule

--protocol {tcp,udp,icmp,any}

Protocol for the firewall rule

--action {allow,deny,reject}

Action for the firewall rule

--ip-version <ip-version>

Set IP version 4 or 6 (default is 4)

--source-ip-address <source-ip-address>

Source IP address or subnet

--no-source-ip-address

Detach source IP address

--destination-ip-address <destination-ip-address>

Destination IP address or subnet

--no-destination-ip-address

Detach destination IP address

--source-port <source-port>

Source port number or range(integer in [1, 65535] or range like 123:456)

--no-source-port

Detach source port number or range

--destination-port <destination-port>

Destination port number or range(integer in [1, 65535] or range like 123:456)

--no-destination-port

Detach destination port number or range

--public

Make the firewall policy public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project). This option is deprecated and would be removed in R Release

--private

Restrict use of the firewall rule to the current project.This option is deprecated and would be removed in R release.

--share

Share the firewall rule to be used in all projects (by default, it is restricted to be used by the current project).

--no-share

Restrict use of the firewall rule to the current project

--enable-rule

Enable this rule (default is enabled)

--disable-rule

Disable this rule

--project <project>

Owner’s project (name or id)

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

Expand
Table 33.41. Output Formatters
ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated

Expand
Table 33.42. Table Formatter
ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

Expand
Table 33.43. JSON Formatter
ValueSummary

--noindent

Whether to disable indenting the json

Expand
Table 33.44. shell formatter
ValueSummary

--prefix PREFIX

Add a prefix to all variable names

This command is provided by the python-neutronclient plugin.

33.13. firewall group rule delete

Usage:

openstack firewall group rule delete [-h]

                                          <firewall-rule>
                                          [<firewall-rule> ...]
Copy to Clipboard Toggle word wrap

Delete firewall rule(s)

Expand
Table 33.45. Positional Arguments
ValueSummary

<firewall-rule>

Firewall rule(s) to delete (name or id)

Expand
Table 33.46. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

This command is provided by the python-neutronclient plugin.

33.14. firewall group rule list

Usage:

openstack firewall group rule list [-h]

                                        [-f {csv,json,table,value,yaml}]
                                        [-c COLUMN] [--max-width <integer>]
                                        [--fit-width] [--print-empty]
                                        [--noindent]
                                        [--quote {all,minimal,none,nonnumeric}]
                                        [--sort-column SORT_COLUMN] [--long]
Copy to Clipboard Toggle word wrap

List firewall rules that belong to a given tenant

Expand
Table 33.47. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

--long

List additional fields in output

Expand
Table 33.48. Output Formatters
ValueSummary

-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml}

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated

--sort-column SORT_COLUMN

specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

Expand
Table 33.49. Table Formatter
ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

Expand
Table 33.50. JSON Formatter
ValueSummary

--noindent

Whether to disable indenting the json

Expand
Table 33.51. CSV Formatter
ValueSummary

--quote {all,minimal,none,nonnumeric}

when to include quotes, defaults to nonnumeric

This command is provided by the python-neutronclient plugin.

33.15. firewall group rule set

Usage:

openstack firewall group rule set [-h] [--name <name>]

                                       [--description <description>]
                                       [--protocol {tcp,udp,icmp,any}]
                                       [--action {allow,deny,reject}]
                                       [--ip-version <ip-version>]
                                       [--source-ip-address <source-ip-address> | --no-source-ip-address]
                                       [--destination-ip-address <destination-ip-address> | --no-destination-ip-address]
                                       [--source-port <source-port> | --no-source-port]
                                       [--destination-port <destination-port> | --no-destination-port]
                                       [--public | --private | --share | --no-share]
                                       [--enable-rule | --disable-rule]
                                       <firewall-rule>
Copy to Clipboard Toggle word wrap

Set firewall rule properties

Expand
Table 33.52. Positional Arguments
ValueSummary

<firewall-rule>

Firewall rule to set (name or id)

Expand
Table 33.53. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

--name <name>

Name of the firewall rule

--description <description>

Description of the firewall rule

--protocol {tcp,udp,icmp,any}

Protocol for the firewall rule

--action {allow,deny,reject}

Action for the firewall rule

--ip-version <ip-version>

Set IP version 4 or 6 (default is 4)

--source-ip-address <source-ip-address>

Source IP address or subnet

--no-source-ip-address

Detach source IP address

--destination-ip-address <destination-ip-address>

Destination IP address or subnet

--no-destination-ip-address

Detach destination IP address

--source-port <source-port>

Source port number or range(integer in [1, 65535] or range like 123:456)

--no-source-port

Detach source port number or range

--destination-port <destination-port>

Destination port number or range(integer in [1, 65535] or range like 123:456)

--no-destination-port

Detach destination port number or range

--public

Make the firewall policy public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project). This option is deprecated and would be removed in R Release

--private

Restrict use of the firewall rule to the current project.This option is deprecated and would be removed in R release.

--share

Share the firewall rule to be used in all projects (by default, it is restricted to be used by the current project).

--no-share

Restrict use of the firewall rule to the current project

--enable-rule

Enable this rule (default is enabled)

--disable-rule

Disable this rule

This command is provided by the python-neutronclient plugin.

33.16. firewall group rule show

Usage:

openstack firewall group rule show [-h]

                                        [-f {json,shell,table,value,yaml}]
                                        [-c COLUMN] [--max-width <integer>]
                                        [--fit-width] [--print-empty]
                                        [--noindent] [--prefix PREFIX]
                                        <firewall-rule>
Copy to Clipboard Toggle word wrap

Display firewall rule details

Expand
Table 33.54. Positional Arguments
ValueSummary

<firewall-rule>

Firewall rule to display (name or id)

Expand
Table 33.55. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

Expand
Table 33.56. Output Formatters
ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated

Expand
Table 33.57. Table Formatter
ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

Expand
Table 33.58. JSON Formatter
ValueSummary

--noindent

Whether to disable indenting the json

Expand
Table 33.59. shell formatter
ValueSummary

--prefix PREFIX

Add a prefix to all variable names

This command is provided by the python-neutronclient plugin.

33.17. firewall group rule unset

Usage:

openstack firewall group rule unset [-h] [--source-ip-address]

                                         [--destination-ip-address]
                                         [--source-port]
                                         [--destination-port] [--share]
                                         [--public] [--enable-rule]
                                         <firewall-rule>
Copy to Clipboard Toggle word wrap

Unset firewall rule properties

Expand
Table 33.60. Positional Arguments
ValueSummary

<firewall-rule>

Firewall rule to unset (name or id)

Expand
Table 33.61. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

--source-ip-address

Source ip address or subnet

--destination-ip-address

Destination IP address or subnet

--source-port

Source port number or range(integer in [1, 65535] or range like 123:456)

--destination-port

Destination port number or range(integer in [1, 65535] or range like 123:456)

--share

Restrict use of the firewall rule to the current project

--public

Restrict use of the firewall rule to the current project. This option is deprecated and would be removed in R Release.

--enable-rule

Disable this rule

This command is provided by the python-neutronclient plugin.

33.18. firewall group set

Usage:

openstack firewall group set [-h] [--name NAME]

                                  [--description <description>]
                                  [--ingress-firewall-policy <ingress-firewall-policy> | --no-ingress-firewall-policy]
                                  [--egress-firewall-policy <egress-firewall-policy> | --no-egress-firewall-policy]
                                  [--public | --private | --share | --no-share]
                                  [--enable | --disable] [--port <port>]
                                  [--no-port]
                                  <firewall-group>
Copy to Clipboard Toggle word wrap

Set firewall group properties

Expand
Table 33.62. Positional Arguments
ValueSummary

<firewall-group>

Firewall group to update (name or id)

Expand
Table 33.63. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

--name NAME

Name for the firewall group

--description <description>

Description of the firewall group

--ingress-firewall-policy <ingress-firewall-policy>

Ingress firewall policy (name or ID)

--no-ingress-firewall-policy

Detach ingress firewall policy from the firewall group

--egress-firewall-policy <egress-firewall-policy>

Egress firewall policy (name or ID)

--no-egress-firewall-policy

Detach egress firewall policy from the firewall group

--public

Make the firewall group public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project). This option is deprecated and would be removed in R release.

--private

Restrict use of the firewall group to the current project. This option is deprecated and would be removed in R release.

--share

Share the firewall group to be used in all projects (by default, it is restricted to be used by the current project).

--no-share

Restrict use of the firewall group to the current project

--enable

Enable firewall group

--disable

Disable firewall group

--port <port>

Port(s) (name or id) to apply firewall group. this option can be repeated

--no-port

Detach all port from the firewall group

This command is provided by the python-neutronclient plugin.

33.19. firewall group show

Usage:

openstack firewall group show [-h] [-f {json,shell,table,value,yaml}]

                                   [-c COLUMN] [--max-width <integer>]
                                   [--fit-width] [--print-empty]
                                   [--noindent] [--prefix PREFIX]
                                   <firewall-group>
Copy to Clipboard Toggle word wrap

Display firewall group details

Expand
Table 33.64. Positional Arguments
ValueSummary

<firewall-group>

Firewall group to show (name or id)

Expand
Table 33.65. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

Expand
Table 33.66. Output Formatters
ValueSummary

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

the output format, defaults to table

-c COLUMN, --column COLUMN

specify the column(s) to include, can be repeated

Expand
Table 33.67. Table Formatter
ValueSummary

--max-width <integer>

Maximum display width, <1 to disable. You can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

Expand
Table 33.68. JSON Formatter
ValueSummary

--noindent

Whether to disable indenting the json

Expand
Table 33.69. shell formatter
ValueSummary

--prefix PREFIX

Add a prefix to all variable names

This command is provided by the python-neutronclient plugin.

33.20. firewall group unset

Usage:

openstack firewall group unset [-h] [--port <port> | --all-port]

                                    [--ingress-firewall-policy]
                                    [--egress-firewall-policy]
                                    [--public | --share] [--enable]
                                    <firewall-group>
Copy to Clipboard Toggle word wrap

Unset firewall group properties

Expand
Table 33.70. Positional Arguments
ValueSummary

<firewall-group>

Firewall group to unset (name or id)

Expand
Table 33.71. Optional Arguments
ValueSummary

-h, --help

Show this help message and exit

--port <port>

Port(s) (name or id) to apply firewall group. this option can be repeated

--all-port

Remove all ports for this firewall group

--ingress-firewall-policy

Ingress firewall policy (name or ID) to delete

--egress-firewall-policy

Egress firewall policy (name or ID) to delete

--public

Make the firewall group public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project). This option is deprecated and would be removed in R release.

--share

Restrict use of the firewall group to the current project

--enable

Disable firewall group

This command is provided by the python-neutronclient plugin.

Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat