Chapter 71. security
This chapter describes the commands under the security command.
71.1. security group create
Create a new security group
Usage:
openstack security group create [-h] [-f {json,shell,table,value,yaml}]
[-c COLUMN] [--noindent]
[--prefix PREFIX]
[--max-width <integer>] [--fit-width]
[--print-empty]
[--description <description>]
[--project <project>]
[--stateful | --stateless]
[--project-domain <project-domain>]
[--tag <tag> | --no-tag]
<name>
| Value | Summary |
|---|---|
| <name> | New security group name |
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
| --description <description> | Security group description |
| --project <project> | Owner’s project (name or id) |
| --stateful | Security group is stateful (default) |
| --stateless | Security group is stateless |
| --project-domain <project-domain> | Domain the project belongs to (name or id). this can be used in case collisions between project names exist. |
| --tag <tag> | Tag to be added to the security group (repeat option to set multiple tags) |
| --no-tag | No tags associated with the security group |
| Value | Summary |
|---|---|
| -f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table |
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated to show multiple columns |
| Value | Summary |
|---|---|
| --noindent | Whether to disable indenting the json |
| Value | Summary |
|---|---|
| --prefix PREFIX | Add a prefix to all variable names |
| Value | Summary |
|---|---|
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
| --print-empty | Print empty table if there is no data to show. |
71.2. security group delete
Delete security group(s)
Usage:
openstack security group delete [-h] <group> [<group> ...]
| Value | Summary |
|---|---|
| <group> | Security group(s) to delete (name or id) |
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
71.3. security group list
List security groups
Usage:
openstack security group list [-h] [-f {csv,json,table,value,yaml}]
[-c COLUMN]
[--quote {all,minimal,none,nonnumeric}]
[--noindent] [--max-width <integer>]
[--fit-width] [--print-empty]
[--sort-column SORT_COLUMN]
[--sort-ascending | --sort-descending]
[--project <project>]
[--project-domain <project-domain>]
[--tags <tag>[,<tag>,...]]
[--any-tags <tag>[,<tag>,...]]
[--not-tags <tag>[,<tag>,...]]
[--not-any-tags <tag>[,<tag>,...]]
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
| --project <project> | List security groups according to the project (name or ID) |
| --project-domain <project-domain> | Domain the project belongs to (name or id). this can be used in case collisions between project names exist. |
| --tags <tag>[,<tag>,…] | List security group which have all given tag(s) (Comma-separated list of tags) |
| --any-tags <tag>[,<tag>,…] | List security group which have any given tag(s) (Comma-separated list of tags) |
| --not-tags <tag>[,<tag>,…] | Exclude security group which have all given tag(s) (Comma-separated list of tags) |
| --not-any-tags <tag>[,<tag>,…] | Exclude security group which have any given tag(s) (Comma-separated list of tags) |
| Value | Summary |
|---|---|
| -f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml} | The output format, defaults to table |
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated to show multiple columns |
| --sort-column SORT_COLUMN | Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated |
| --sort-ascending | Sort the column(s) in ascending order |
| --sort-descending | Sort the column(s) in descending order |
| Value | Summary |
|---|---|
| --quote {all,minimal,none,nonnumeric} | When to include quotes, defaults to nonnumeric |
| Value | Summary |
|---|---|
| --noindent | Whether to disable indenting the json |
| Value | Summary |
|---|---|
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
| --print-empty | Print empty table if there is no data to show. |
71.4. security group rule create
Create a new security group rule
Usage:
openstack security group rule create [-h]
[-f {json,shell,table,value,yaml}]
[-c COLUMN] [--noindent]
[--prefix PREFIX]
[--max-width <integer>]
[--fit-width] [--print-empty]
[--remote-ip <ip-address> | --remote-group <group> | --remote-address-group <group>]
[--dst-port <port-range>]
[--protocol <protocol>]
[--description <description>]
[--icmp-type <icmp-type>]
[--icmp-code <icmp-code>]
[--ingress | --egress]
[--ethertype <ethertype>]
[--project <project>]
[--project-domain <project-domain>]
<group>
| Value | Summary |
|---|---|
| <group> | Create rule in this security group (name or id) |
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
| --remote-ip <ip-address> | Remote ip address block (may use cidr notation; default for IPv4 rule: 0.0.0.0/0, default for IPv6 rule: ::/0) |
| --remote-group <group> | Remote security group (name or id) |
| --remote-address-group <group> | Remote address group (name or id) |
| --dst-port <port-range> | Destination port, may be a single port or a starting and ending port range: 137:139. Required for IP protocols TCP and UDP. Ignored for ICMP IP protocols. |
| --protocol <protocol> | Ip protocol (ah, dccp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255] or any; default: any (all protocols)) |
| --description <description> | Set security group rule description |
| --icmp-type <icmp-type> | Icmp type for icmp ip protocols |
| --icmp-code <icmp-code> | Icmp code for icmp ip protocols |
| --ingress | Rule applies to incoming network traffic (default) |
| --egress | Rule applies to outgoing network traffic |
| --ethertype <ethertype> | Ethertype of network traffic (ipv4, ipv6; default: based on IP protocol) |
| --project <project> | Owner’s project (name or id) |
| --project-domain <project-domain> | Domain the project belongs to (name or id). this can be used in case collisions between project names exist. |
| Value | Summary |
|---|---|
| -f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table |
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated to show multiple columns |
| Value | Summary |
|---|---|
| --noindent | Whether to disable indenting the json |
| Value | Summary |
|---|---|
| --prefix PREFIX | Add a prefix to all variable names |
| Value | Summary |
|---|---|
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
| --print-empty | Print empty table if there is no data to show. |
71.5. security group rule delete
Delete security group rule(s)
Usage:
openstack security group rule delete [-h] <rule> [<rule> ...]
| Value | Summary |
|---|---|
| <rule> | Security group rule(s) to delete (id only) |
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
71.6. security group rule list
List security group rules
Usage:
openstack security group rule list [-h]
[-f {csv,json,table,value,yaml}]
[-c COLUMN]
[--quote {all,minimal,none,nonnumeric}]
[--noindent] [--max-width <integer>]
[--fit-width] [--print-empty]
[--sort-column SORT_COLUMN]
[--sort-ascending | --sort-descending]
[--protocol <protocol>]
[--ethertype <ethertype>]
[--ingress | --egress] [--long]
[<group>]
| Value | Summary |
|---|---|
| <group> | List all rules in this security group (name or id) |
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
| --protocol <protocol> | List rules by the ip protocol (ah, dhcp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255] or any; default: any (all protocols)) |
| --ethertype <ethertype> | List rules by the ethertype (ipv4 or ipv6) |
| --ingress | List rules applied to incoming network traffic |
| --egress | List rules applied to outgoing network traffic |
| --long | deprecated this argument is no longer needed |
| Value | Summary |
|---|---|
| -f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml} | The output format, defaults to table |
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated to show multiple columns |
| --sort-column SORT_COLUMN | Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated |
| --sort-ascending | Sort the column(s) in ascending order |
| --sort-descending | Sort the column(s) in descending order |
| Value | Summary |
|---|---|
| --quote {all,minimal,none,nonnumeric} | When to include quotes, defaults to nonnumeric |
| Value | Summary |
|---|---|
| --noindent | Whether to disable indenting the json |
| Value | Summary |
|---|---|
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
| --print-empty | Print empty table if there is no data to show. |
71.7. security group rule show
Display security group rule details
Usage:
openstack security group rule show [-h]
[-f {json,shell,table,value,yaml}]
[-c COLUMN] [--noindent]
[--prefix PREFIX]
[--max-width <integer>]
[--fit-width] [--print-empty]
<rule>
| Value | Summary |
|---|---|
| <rule> | Security group rule to display (id only) |
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
| Value | Summary |
|---|---|
| -f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table |
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated to show multiple columns |
| Value | Summary |
|---|---|
| --noindent | Whether to disable indenting the json |
| Value | Summary |
|---|---|
| --prefix PREFIX | Add a prefix to all variable names |
| Value | Summary |
|---|---|
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
| --print-empty | Print empty table if there is no data to show. |
71.8. security group set
Set security group properties
Usage:
openstack security group set [-h] [--name <new-name>]
[--description <description>]
[--stateful | --stateless] [--tag <tag>]
[--no-tag]
<group>
| Value | Summary |
|---|---|
| <group> | Security group to modify (name or id) |
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
| --name <new-name> | New security group name |
| --description <description> | New security group description |
| --stateful | Security group is stateful (default) |
| --stateless | Security group is stateless |
| --tag <tag> | Tag to be added to the security group (repeat option to set multiple tags) |
| --no-tag | Clear tags associated with the security group. specify both --tag and --no-tag to overwrite current tags |
71.9. security group show
Display security group details
Usage:
openstack security group show [-h] [-f {json,shell,table,value,yaml}]
[-c COLUMN] [--noindent]
[--prefix PREFIX] [--max-width <integer>]
[--fit-width] [--print-empty]
<group>
| Value | Summary |
|---|---|
| <group> | Security group to display (name or id) |
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
| Value | Summary |
|---|---|
| -f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table |
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated to show multiple columns |
| Value | Summary |
|---|---|
| --noindent | Whether to disable indenting the json |
| Value | Summary |
|---|---|
| --prefix PREFIX | Add a prefix to all variable names |
| Value | Summary |
|---|---|
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. |
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable |
| --print-empty | Print empty table if there is no data to show. |
71.10. security group unset
Unset security group properties
Usage:
openstack security group unset [-h] [--tag <tag> | --all-tag] <group>
| Value | Summary |
|---|---|
| <group> | Security group to modify (name or id) |
| Value | Summary |
|---|---|
| -h, --help | Show this help message and exit |
| --tag <tag> | Tag to be removed from the security group (repeat option to remove multiple tags) |
| --all-tag | Clear all tags associated with the security group |
