Ce contenu n'est pas disponible dans la langue sélectionnée.
Chapter 29. firewall
			This chapter describes the commands under the firewall command.
		
29.1. firewall group create
Create a new firewall group
Usage:
| Value | Summary | 
|---|---|
| --print-empty | Print empty table if there is no data to show. | 
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. | 
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable | 
| Value | Summary | 
|---|---|
| output formatter options-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table | 
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated | 
| Value | Summary | 
|---|---|
| --noindent | Whether to disable indenting the json | 
| Value | Summary | 
|---|---|
| --share | Share the firewall group to be used in all projects (by default, it is restricted to be used by the current project). | 
| --no-port | Detach all port from the firewall group | 
| --disable | Disable firewall group | 
| --public | Make the firewall group public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project). This option is deprecated and would be removed in R release. | 
| --no-egress-firewall-policy | Detach egress firewall policy from the firewall group | 
| --enable | Enable firewall group | 
| --project-domain <project-domain> | Domain the project belongs to (name or id). this can be used in case collisions between project names exist. | 
| --egress-firewall-policy <egress-firewall-policy> | Egress firewall policy (name or id) | 
| --project <project> | Owner’s project (name or id) | 
| --no-share | Restrict use of the firewall group to the current project | 
| --no-ingress-firewall-policy | Detach ingress firewall policy from the firewall group | 
| --private | Restrict use of the firewall group to the current project. This option is deprecated and would be removed in R release. | 
| --port <port> | Port(s) (name or id) to apply firewall group. this option can be repeated | 
| --name NAME | Name for the firewall group | 
| -h, --help | Show this help message and exit | 
| --description <description> | Description of the firewall group | 
| --ingress-firewall-policy <ingress-firewall-policy> | Ingress firewall policy (name or id) | 
| Value | Summary | 
|---|---|
| a format a UNIX shell can parse (variable="value")--prefix PREFIX | Add a prefix to all variable names | 
29.2. firewall group delete
Delete firewall group(s)
Usage:
openstack firewall group delete [-h]
                                       <firewall-group> [<firewall-group> ...]
openstack firewall group delete [-h]
                                       <firewall-group> [<firewall-group> ...]| Value | Summary | 
|---|---|
| <firewall-group> | Firewall group(s) to delete (name or id) | 
| Value | Summary | 
|---|---|
| -h, --help | Show this help message and exit | 
29.3. firewall group list
List firewall groups
Usage:
| Value | Summary | 
|---|---|
| --print-empty | Print empty table if there is no data to show. | 
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. | 
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable | 
| Value | Summary | 
|---|---|
| --quote {all,minimal,none,nonnumeric} | When to include quotes, defaults to nonnumeric | 
| Value | Summary | 
|---|---|
| output formatter options-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml} | The output format, defaults to table | 
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated | 
| --sort-column SORT_COLUMN | Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated | 
| Value | Summary | 
|---|---|
| --noindent | Whether to disable indenting the json | 
| Value | Summary | 
|---|---|
| -h, --help | Show this help message and exit | 
| --long | List additional fields in output | 
29.4. firewall group policy add rule
Insert a rule into a given firewall policy
Usage:
openstack firewall group policy add rule [-h]
                                                [--insert-before <firewall-rule>]
                                                [--insert-after <firewall-rule>]
                                                <firewall-policy>
                                                <firewall-rule>
openstack firewall group policy add rule [-h]
                                                [--insert-before <firewall-rule>]
                                                [--insert-after <firewall-rule>]
                                                <firewall-policy>
                                                <firewall-rule>| Value | Summary | 
|---|---|
| <firewall-policy> | Firewall policy to insert rule (name or id) | 
| <firewall-rule> | Firewall rule to be inserted (name or id) | 
| Value | Summary | 
|---|---|
| --insert-after <firewall-rule> | Insert the new rule after this existing rule (name or ID) | 
| -h, --help | Show this help message and exit | 
| --insert-before <firewall-rule> | Insert the new rule before this existing rule (name or ID) | 
29.5. firewall group policy create
Create a new firewall policy
Usage:
| Value | Summary | 
|---|---|
| --print-empty | Print empty table if there is no data to show. | 
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. | 
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable | 
| Value | Summary | 
|---|---|
| <name> | Name for the firewall policy | 
| Value | Summary | 
|---|---|
| output formatter options-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table | 
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated | 
| Value | Summary | 
|---|---|
| --noindent | Whether to disable indenting the json | 
| Value | Summary | 
|---|---|
| --share | Share the firewall policy to be used in all projects (by default, it is restricted to be used by the current project). | 
| --public | Make the firewall policy public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project.) This option is deprecated and would be removed in R release. | 
| --no-audited | Disable auditing for the policy | 
| --no-firewall-rule | Unset all firewall rules from firewall policy | 
| --audited | Enable auditing for the policy | 
| --project-domain <project-domain> | Domain the project belongs to (name or id). this can be used in case collisions between project names exist. | 
| --no-share | Restrict use of the firewall policy to the current project | 
| --firewall-rule <firewall-rule> | Firewall rule(s) to apply (name or id) | 
| --private | Restrict use of the firewall policy to the current project.This option is deprecated and would be removed in R release. | 
| --description DESCRIPTION | Description of the firewall policy | 
| -h, --help | Show this help message and exit | 
| --project <project> | Owner’s project (name or id) | 
| Value | Summary | 
|---|---|
| a format a UNIX shell can parse (variable="value")--prefix PREFIX | Add a prefix to all variable names | 
29.6. firewall group policy delete
Delete firewall policy(s)
Usage:
openstack firewall group policy delete [-h]
                                              <firewall-policy>
                                              [<firewall-policy> ...]
openstack firewall group policy delete [-h]
                                              <firewall-policy>
                                              [<firewall-policy> ...]| Value | Summary | 
|---|---|
| <firewall-policy> | Firewall policy(s) to delete (name or id) | 
| Value | Summary | 
|---|---|
| -h, --help | Show this help message and exit | 
29.7. firewall group policy list
List firewall policies
Usage:
| Value | Summary | 
|---|---|
| --print-empty | Print empty table if there is no data to show. | 
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. | 
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable | 
| Value | Summary | 
|---|---|
| --quote {all,minimal,none,nonnumeric} | When to include quotes, defaults to nonnumeric | 
| Value | Summary | 
|---|---|
| output formatter options-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml} | The output format, defaults to table | 
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated | 
| --sort-column SORT_COLUMN | Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated | 
| Value | Summary | 
|---|---|
| --noindent | Whether to disable indenting the json | 
| Value | Summary | 
|---|---|
| -h, --help | Show this help message and exit | 
| --long | List additional fields in output | 
29.8. firewall group policy remove rule
Remove a rule from a given firewall policy
Usage:
openstack firewall group policy remove rule [-h]
                                                   <firewall-policy>
                                                   <firewall-rule>
openstack firewall group policy remove rule [-h]
                                                   <firewall-policy>
                                                   <firewall-rule>| Value | Summary | 
|---|---|
| <firewall-policy> | Firewall policy to remove rule (name or id) | 
| <firewall-rule> | Firewall rule to remove from policy (name or id) | 
| Value | Summary | 
|---|---|
| -h, --help | Show this help message and exit | 
29.9. firewall group policy set
Set firewall policy properties
Usage:
| Value | Summary | 
|---|---|
| <firewall-policy> | Firewall policy to update (name or id) | 
| Value | Summary | 
|---|---|
| --share | Share the firewall policy to be used in all projects (by default, it is restricted to be used by the current project). | 
| --public | Make the firewall policy public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project.) This option is deprecated and would be removed in R release. | 
| --no-audited | Disable auditing for the policy | 
| --no-firewall-rule | Remove all firewall rules from firewall policy | 
| --audited | Enable auditing for the policy | 
| --no-share | Restrict use of the firewall policy to the current project | 
| --firewall-rule <firewall-rule> | Firewall rule(s) to apply (name or id) | 
| --private | Restrict use of the firewall policy to the current project.This option is deprecated and would be removed in R release. | 
| --description DESCRIPTION | Description of the firewall policy | 
| -h, --help | Show this help message and exit | 
| --name <name> | Name for the firewall policy | 
29.10. firewall group policy show
Display firewall policy details
Usage:
| Value | Summary | 
|---|---|
| --print-empty | Print empty table if there is no data to show. | 
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. | 
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable | 
| Value | Summary | 
|---|---|
| <firewall-policy> | Firewall policy to show (name or id) | 
| Value | Summary | 
|---|---|
| output formatter options-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table | 
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated | 
| Value | Summary | 
|---|---|
| --noindent | Whether to disable indenting the json | 
| Value | Summary | 
|---|---|
| -h, --help | Show this help message and exit | 
| Value | Summary | 
|---|---|
| a format a UNIX shell can parse (variable="value")--prefix PREFIX | Add a prefix to all variable names | 
29.11. firewall group policy unset
Unset firewall policy properties
Usage:
openstack firewall group policy unset [-h]
                                             [--firewall-rule <firewall-rule> | --all-firewall-rule]
                                             [--audited] [--share] [--public]
                                             <firewall-policy>
openstack firewall group policy unset [-h]
                                             [--firewall-rule <firewall-rule> | --all-firewall-rule]
                                             [--audited] [--share] [--public]
                                             <firewall-policy>| Value | Summary | 
|---|---|
| <firewall-policy> | Firewall policy to unset (name or id) | 
| Value | Summary | 
|---|---|
| --share | Restrict use of the firewall policy to the current project | 
| --public | Restrict use of the firewall policy to the current project. This option is deprecated and would be removed in R release. | 
| --audited | Disable auditing for the policy | 
| --all-firewall-rule | Remove all firewall rules from the firewall policy | 
| --firewall-rule <firewall-rule> | Remove firewall rule(s) from the firewall policy (name or ID) | 
| -h, --help | Show this help message and exit | 
29.12. firewall group rule create
Create a new firewall rule
Usage:
| Value | Summary | 
|---|---|
| --print-empty | Print empty table if there is no data to show. | 
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. | 
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable | 
| Value | Summary | 
|---|---|
| output formatter options-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table | 
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated | 
| Value | Summary | 
|---|---|
| --noindent | Whether to disable indenting the json | 
| Value | Summary | 
|---|---|
| --destination-port <destination-port> | Destination port number or range(integer in [1, 65535] or range like 123:456) | 
| --no-destination-ip-address | Detach destination ip address | 
| --source-ip-address <source-ip-address> | Source ip address or subnet | 
| --share | Share the firewall rule to be used in all projects (by default, it is restricted to be used by the current project). | 
| --no-source-ip-address | Detach source ip address | 
| --private | Restrict use of the firewall rule to the current project.This option is deprecated and would be removed in R release. | 
| --enable-rule | Enable this rule (default is enabled) | 
| --name <name> | Name of the firewall rule | 
| --no-source-port | Detach source port number or range | 
| --destination-ip-address <destination-ip-address> | Destination ip address or subnet | 
| -h, --help | Show this help message and exit | 
| --description <description> | Description of the firewall rule | 
| --project-domain <project-domain> | Domain the project belongs to (name or id). this can be used in case collisions between project names exist. | 
| --action {allow,deny,reject} | Action for the firewall rule | 
| --ip-version <ip-version> | Set ip version 4 or 6 (default is 4) | 
| --source-port <source-port> | Source port number or range(integer in [1, 65535] or range like 123:456) | 
| --no-share | Restrict use of the firewall rule to the current project | 
| --no-destination-port | Detach destination port number or range | 
| --project <project> | Owner’s project (name or id) | 
| --disable-rule | Disable this rule | 
| --public | Make the firewall policy public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project). This option is deprecated and would be removed in R Release | 
| --protocol {tcp,udp,icmp,any} | Protocol for the firewall rule | 
| Value | Summary | 
|---|---|
| a format a UNIX shell can parse (variable="value")--prefix PREFIX | Add a prefix to all variable names | 
29.13. firewall group rule delete
Delete firewall rule(s)
Usage:
openstack firewall group rule delete [-h]
                                            <firewall-rule>
                                            [<firewall-rule> ...]
openstack firewall group rule delete [-h]
                                            <firewall-rule>
                                            [<firewall-rule> ...]| Value | Summary | 
|---|---|
| <firewall-rule> | Firewall rule(s) to delete (name or id) | 
| Value | Summary | 
|---|---|
| -h, --help | Show this help message and exit | 
29.14. firewall group rule list
List firewall rules that belong to a given tenant
Usage:
| Value | Summary | 
|---|---|
| --print-empty | Print empty table if there is no data to show. | 
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. | 
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable | 
| Value | Summary | 
|---|---|
| --quote {all,minimal,none,nonnumeric} | When to include quotes, defaults to nonnumeric | 
| Value | Summary | 
|---|---|
| output formatter options-f {csv,json,table,value,yaml}, --format {csv,json,table,value,yaml} | The output format, defaults to table | 
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated | 
| --sort-column SORT_COLUMN | Specify the column(s) to sort the data (columns specified first have a priority, non-existing columns are ignored), can be repeated | 
| Value | Summary | 
|---|---|
| --noindent | Whether to disable indenting the json | 
| Value | Summary | 
|---|---|
| -h, --help | Show this help message and exit | 
| --long | List additional fields in output | 
29.15. firewall group rule set
Set firewall rule properties
Usage:
| Value | Summary | 
|---|---|
| <firewall-rule> | Firewall rule to set (name or id) | 
| Value | Summary | 
|---|---|
| --share | Share the firewall rule to be used in all projects (by default, it is restricted to be used by the current project). | 
| --no-source-ip-address | Detach source ip address | 
| --source-ip-address <source-ip-address> | Source ip address or subnet | 
| --ip-version <ip-version> | Set ip version 4 or 6 (default is 4) | 
| --private | Restrict use of the firewall rule to the current project.This option is deprecated and would be removed in R release. | 
| --no-source-port | Detach source port number or range | 
| --name <name> | Name of the firewall rule | 
| --enable-rule | Enable this rule (default is enabled) | 
| --destination-port <destination-port> | Destination port number or range(integer in [1, 65535] or range like 123:456) | 
| --source-port <source-port> | Source port number or range(integer in [1, 65535] or range like 123:456) | 
| --disable-rule | Disable this rule | 
| --no-share | Restrict use of the firewall rule to the current project | 
| --no-destination-port | Detach destination port number or range | 
| --no-destination-ip-address | Detach destination ip address | 
| --destination-ip-address <destination-ip-address> | Destination ip address or subnet | 
| -h, --help | Show this help message and exit | 
| --description <description> | Description of the firewall rule | 
| --protocol {tcp,udp,icmp,any} | Protocol for the firewall rule | 
| --action {allow,deny,reject} | Action for the firewall rule | 
| --public | Make the firewall policy public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project). This option is deprecated and would be removed in R Release | 
29.16. firewall group rule show
Display firewall rule details
Usage:
| Value | Summary | 
|---|---|
| --print-empty | Print empty table if there is no data to show. | 
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. | 
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable | 
| Value | Summary | 
|---|---|
| <firewall-rule> | Firewall rule to display (name or id) | 
| Value | Summary | 
|---|---|
| output formatter options-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table | 
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated | 
| Value | Summary | 
|---|---|
| --noindent | Whether to disable indenting the json | 
| Value | Summary | 
|---|---|
| -h, --help | Show this help message and exit | 
| Value | Summary | 
|---|---|
| a format a UNIX shell can parse (variable="value")--prefix PREFIX | Add a prefix to all variable names | 
29.17. firewall group rule unset
Unset firewall rule properties
Usage:
| Value | Summary | 
|---|---|
| <firewall-rule> | Firewall rule to unset (name or id) | 
| Value | Summary | 
|---|---|
| --share | Restrict use of the firewall rule to the current project | 
| --public | Restrict use of the firewall rule to the current project. This option is deprecated and would be removed in R Release. | 
| --enable-rule | Disable this rule | 
| --destination-port | Destination port number or range(integer in [1, 65535] or range like 123:456) | 
| --source-ip-address | Source ip address or subnet | 
| -h, --help | Show this help message and exit | 
| --destination-ip-address | Destination ip address or subnet | 
| --source-port | Source port number or range(integer in [1, 65535] or range like 123:456) | 
29.18. firewall group set
Set firewall group properties
Usage:
| Value | Summary | 
|---|---|
| <firewall-group> | Firewall group to update (name or id) | 
| Value | Summary | 
|---|---|
| --share | Share the firewall group to be used in all projects (by default, it is restricted to be used by the current project). | 
| --no-port | Detach all port from the firewall group | 
| --disable | Disable firewall group | 
| --public | Make the firewall group public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project). This option is deprecated and would be removed in R release. | 
| --no-egress-firewall-policy | Detach egress firewall policy from the firewall group | 
| --enable | Enable firewall group | 
| --egress-firewall-policy <egress-firewall-policy> | Egress firewall policy (name or id) | 
| --no-share | Restrict use of the firewall group to the current project | 
| --no-ingress-firewall-policy | Detach ingress firewall policy from the firewall group | 
| --private | Restrict use of the firewall group to the current project. This option is deprecated and would be removed in R release. | 
| --port <port> | Port(s) (name or id) to apply firewall group. this option can be repeated | 
| --name NAME | Name for the firewall group | 
| -h, --help | Show this help message and exit | 
| --description <description> | Description of the firewall group | 
| --ingress-firewall-policy <ingress-firewall-policy> | Ingress firewall policy (name or id) | 
29.19. firewall group show
Display firewall group details
Usage:
openstack firewall group show [-h] [-f {json,shell,table,value,yaml}]
                                     [-c COLUMN] [--max-width <integer>]
                                     [--fit-width] [--print-empty]
                                     [--noindent] [--prefix PREFIX]
                                     <firewall-group>
openstack firewall group show [-h] [-f {json,shell,table,value,yaml}]
                                     [-c COLUMN] [--max-width <integer>]
                                     [--fit-width] [--print-empty]
                                     [--noindent] [--prefix PREFIX]
                                     <firewall-group>| Value | Summary | 
|---|---|
| --print-empty | Print empty table if there is no data to show. | 
| --max-width <integer> | Maximum display width, <1 to disable. you can also use the CLIFF_MAX_TERM_WIDTH environment variable, but the parameter takes precedence. | 
| --fit-width | Fit the table to the display width. implied if --max- width greater than 0. Set the environment variable CLIFF_FIT_WIDTH=1 to always enable | 
| Value | Summary | 
|---|---|
| <firewall-group> | Firewall group to show (name or id) | 
| Value | Summary | 
|---|---|
| output formatter options-f {json,shell,table,value,yaml}, --format {json,shell,table,value,yaml} | The output format, defaults to table | 
| -c COLUMN, --column COLUMN | Specify the column(s) to include, can be repeated | 
| Value | Summary | 
|---|---|
| --noindent | Whether to disable indenting the json | 
| Value | Summary | 
|---|---|
| -h, --help | Show this help message and exit | 
| Value | Summary | 
|---|---|
| a format a UNIX shell can parse (variable="value")--prefix PREFIX | Add a prefix to all variable names | 
29.20. firewall group unset
Unset firewall group properties
Usage:
openstack firewall group unset [-h] [--port <port> | --all-port]
                                      [--ingress-firewall-policy]
                                      [--egress-firewall-policy]
                                      [--public | --share] [--enable]
                                      <firewall-group>
openstack firewall group unset [-h] [--port <port> | --all-port]
                                      [--ingress-firewall-policy]
                                      [--egress-firewall-policy]
                                      [--public | --share] [--enable]
                                      <firewall-group>| Value | Summary | 
|---|---|
| <firewall-group> | Firewall group to unset (name or id) | 
| Value | Summary | 
|---|---|
| --share | Restrict use of the firewall group to the current project | 
| --all-port | Remove all ports for this firewall group | 
| --public | Make the firewall group public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project). This option is deprecated and would be removed in R release. | 
| --enable | Disable firewall group | 
| --ingress-firewall-policy | Ingress firewall policy (name or id) to delete | 
| --egress-firewall-policy | Egress firewall policy (name or id) to delete | 
| --port <port> | Port(s) (name or id) to apply firewall group. this option can be repeated | 
| -h, --help | Show this help message and exit |