Chapter 71. security

<name>

New security group name

-h, --help

Show this help message and exit

--description <description>

Security group description

--project <project>

Owner’s project (name or id)

--stateful

Security group is stateful (default)

--stateless

Security group is stateless

--project-domain <project-domain>

Domain the project belongs to (name or id). this can be used in case collisions between project names exist.

--tag <tag>

Tag to be added to the security group (repeat option to set multiple tags)

--no-tag

No tags associated with the security group

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated to show multiple columns

--noindent

Whether to disable indenting the json

--prefix PREFIX

Add a prefix to all variable names

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

<group>

Security group(s) to delete (name or id)

-h, --help

Show this help message and exit

-h, --help

Show this help message and exit

--project <project>

List security groups according to the project (name or ID)

--project-domain <project-domain>

Domain the project belongs to (name or id). this can be used in case collisions between project names exist.

--tags <tag>[,<tag>,…​]

List security group which have all given tag(s) (Comma-separated list of tags)

--any-tags <tag>[,<tag>,…​]

List security group which have any given tag(s) (Comma-separated list of tags)

--not-tags <tag>[,<tag>,…​]

Exclude security group which have all given tag(s) (Comma-separated list of tags)

--not-any-tags <tag>[,<tag>,…​]

Exclude security group which have any given tag(s) (Comma-separated list of tags)

-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated to show multiple columns

--sort-column SORT_COLUMN

Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--sort-ascending

Sort the column(s) in ascending order

--sort-descending

Sort the column(s) in descending order

--quote {all,minimal,none,nonnumeric}

When to include quotes, defaults to nonnumeric

--noindent

Whether to disable indenting the json

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

<group>

Create rule in this security group (name or id)

-h, --help

Show this help message and exit

--remote-ip <ip-address>

Remote ip address block (may use cidr notation; default for IPv4 rule: 0.0.0.0/0, default for IPv6 rule: ::/0)

--remote-group <group>

Remote security group (name or id)

--remote-address-group <group>

Remote address group (name or id)

--dst-port <port-range>

Destination port, may be a single port or a starting and ending port range: 137:139. Required for IP protocols TCP and UDP. Ignored for ICMP IP protocols.

--protocol <protocol>

Ip protocol (ah, dccp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255] or any; default: any (all protocols))

--description <description>

Set security group rule description

--icmp-type <icmp-type>

Icmp type for icmp ip protocols

--icmp-code <icmp-code>

Icmp code for icmp ip protocols

--ingress

Rule applies to incoming network traffic (default)

--egress

Rule applies to outgoing network traffic

--ethertype <ethertype>

Ethertype of network traffic (ipv4, ipv6; default: based on IP protocol)

--project <project>

Owner’s project (name or id)

--project-domain <project-domain>

Domain the project belongs to (name or id). this can be used in case collisions between project names exist.

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated to show multiple columns

--noindent

Whether to disable indenting the json

--prefix PREFIX

Add a prefix to all variable names

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

<rule>

Security group rule(s) to delete (id only)

-h, --help

Show this help message and exit

<group>

List all rules in this security group (name or id)

-h, --help

Show this help message and exit

--protocol <protocol>

List rules by the ip protocol (ah, dhcp, egp, esp, gre, icmp, igmp, ipv6-encap, ipv6-frag, ipv6-icmp, ipv6-nonxt, ipv6-opts, ipv6-route, ospf, pgm, rsvp, sctp, tcp, udp, udplite, vrrp and integer representations [0-255] or any; default: any (all protocols))

--ethertype <ethertype>

List rules by the ethertype (ipv4 or ipv6)

--ingress

List rules applied to incoming network traffic

--egress

List rules applied to outgoing network traffic

--long

deprecated this argument is no longer needed

-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated to show multiple columns

--sort-column SORT_COLUMN

Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated

--sort-ascending

Sort the column(s) in ascending order

--sort-descending

Sort the column(s) in descending order

--quote {all,minimal,none,nonnumeric}

When to include quotes, defaults to nonnumeric

--noindent

Whether to disable indenting the json

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

<rule>

Security group rule to display (id only)

-h, --help

Show this help message and exit

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated to show multiple columns

--noindent

Whether to disable indenting the json

--prefix PREFIX

Add a prefix to all variable names

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

<group>

Security group to modify (name or id)

-h, --help

Show this help message and exit

--name <new-name>

New security group name

--description <description>

New security group description

--stateful

Security group is stateful (default)

--stateless

Security group is stateless

--tag <tag>

Tag to be added to the security group (repeat option to set multiple tags)

--no-tag

Clear tags associated with the security group. specify both --tag and --no-tag to overwrite current tags

<group>

Security group to display (name or id)

-h, --help

Show this help message and exit

-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml}

The output format, defaults to table

-c COLUMN, --column COLUMN

Specify the column(s) to include, can be repeated to show multiple columns

--noindent

Whether to disable indenting the json

--prefix PREFIX

Add a prefix to all variable names

--max-width <integer>

Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence.

--fit-width

Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable

--print-empty

Print empty table if there is no data to show.

<group>

Security group to modify (name or id)

-h, --help

Show this help message and exit

--tag <tag>

Tag to be removed from the security group (repeat option to remove multiple tags)

--all-tag

Clear all tags associated with the security group