Creating and deleting security groups and rules in Neutron with the openstack command

Delete a security group:
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 2b860c0d-9b0a-46cd-b045-97aa0e88f13a | default | Default security group | ac0c16aaf48e4846a5ebacbe43cea4f9 | [] |
| 9781e350-b8a7-4b90-8226-f9f63342523a | Long | | ac0c16aaf48e4846a5ebacbe43cea4f9 | [] |
+--------------------------------------+---------+------------------------+----------------------------------+------+
[root@controller ~]# openstack security group delete 9781e350-b8a7-4b90-8226-f9f63342523a

List security groups:
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 2b860c0d-9b0a-46cd-b045-97aa0e88f13a | default | Default security group | ac0c16aaf48e4846a5ebacbe43cea4f9 | [] |
+--------------------------------------+---------+------------------------+----------------------------------+------+

List security group rules:
[root@controller ~]# openstack security group rule list 2b860c0d-9b0a-46cd-b045-97aa0e88f13a
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| ID | IP Protocol | Ethertype | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| 6842b3e8-36ac-43ca-a022-d60dca1f820a | None | IPv6 | ::/0 | | None |
| 70472481-6269-4280-b6db-548740cea5a3 | None | IPv4 | 0.0.0.0/0 | | None |
| c8fd6444-f381-4233-8ae2-67ef25e58094 | None | IPv6 | ::/0 | | 2b860c0d-9b0a-46cd-b045-97aa0e88f13a |
| fc01cd74-ee71-48f9-ba55-011fbc43cec8 | None | IPv4 | 0.0.0.0/0 | | 2b860c0d-9b0a-46cd-b045-97aa0e88f13a |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+

Create a security group:
[root@controller ~]# openstack security group create sshopen
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T12:56:50Z |
| description | sshopen |
| id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | sshopen |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| revision_number | 1 |
| rules | created_at='2021-03-27T12:56:51Z', direction='egress', ethertype='IPv6', id='392d81d6-5d73-4264-9bf5-f863211ee695', updated_at='2021-03-27T12:56:51Z' |
| | created_at='2021-03-27T12:56:50Z', direction='egress', ethertype='IPv4', id='3f1a18e3-fa5f-4ca3-8bc7-4ad420af2390', updated_at='2021-03-27T12:56:50Z' |
| stateful | True |
| tags | [] |
| updated_at | 2021-03-27T12:56:50Z |
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Create a security group rule:
[root@controller ~]# openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description ingress --ingress --ethertype IPv4 --protocol tcp --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T13:11:38Z |
| description | ingress |
| direction | ingress |
| ether_type | IPv4 |
| id | f2813ea6-3c4d-4cc7-b55d-fdf1eaece617 |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| tags | [] |
| updated_at | 2021-03-27T13:11:38Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Add a security group rule for port 22:
[root@controller ~]# openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description ingress --ingress --ethertype IPv4 --protocol tcp --dst-port 22 --dst-port 22 --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T13:28:31Z |
| description | ingress |
| direction | ingress |
| ether_type | IPv4 |
| id | 17f02f7e-049e-4671-908c-68a99470c3d4 |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| tags | [] |
| updated_at | 2021-03-27T13:28:31Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Add a TCP rule for ports 22-65535:
[root@controller ~]# openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description '22(ssh)' --ingress --ethertype IPv4 --protocol tcp --dst-port '22:65535' --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T14:01:00Z |
| description | 22(ssh) |
| direction | ingress |
| ether_type | IPv4 |
| id | 8f0a13ed-5c45-463e-9752-7fb98b4b8edc |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | None |
| port_range_max | 65535 |
| port_range_min | 22 |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| tags | [] |
| updated_at | 2021-03-27T14:01:00Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Delete a security group rule:
[root@controller ~]# openstack security group rule list fc44a781-c34c-4e42-ab63-cf0eb9bdc251
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
| ID | IP Protocol | Ethertype | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
| 392d81d6-5d73-4264-9bf5-f863211ee695 | None | IPv6 | ::/0 | | None |
| 3f1a18e3-fa5f-4ca3-8bc7-4ad420af2390 | None | IPv4 | 0.0.0.0/0 | | None |
| bd8402fd-9ac9-43d6-a6aa-3724280b6860 | tcp | IPv4 | 0.0.0.0/0 | 65535:65535 | None |
| f2813ea6-3c4d-4cc7-b55d-fdf1eaece617 | tcp | IPv4 | 0.0.0.0/0 | | None |
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
[root@controller ~]# openstack security group rule delete bd8402fd-9ac9-43d6-a6aa-3724280b6860
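
An added example, not part of the original post: a Python check that flags ingress rules like the ones created above that accept traffic from any source on all or most ports (a rule with an empty port range matches every port). It assumes the rules were exported with `openstack security group rule list --ingress -f json <group>` and that the JSON keys match the table column names; the sample data is constructed from rule IDs in this session, and `MAX_PORTS` is a hypothetical policy threshold.

```python
import json

# Constructed sample. Assumed shape: output of
#   openstack security group rule list --ingress -f json <group>
# with keys equal to the table column names; IDs are from the session above.
SAMPLE = json.dumps([
    {"ID": "f2813ea6-3c4d-4cc7-b55d-fdf1eaece617", "IP Protocol": "tcp",
     "IP Range": "0.0.0.0/0", "Port Range": "", "Remote Security Group": None},
    {"ID": "17f02f7e-049e-4671-908c-68a99470c3d4", "IP Protocol": "tcp",
     "IP Range": "0.0.0.0/0", "Port Range": "22:22", "Remote Security Group": None},
    {"ID": "8f0a13ed-5c45-463e-9752-7fb98b4b8edc", "IP Protocol": "tcp",
     "IP Range": "0.0.0.0/0", "Port Range": "22:65535", "Remote Security Group": None},
])

ANY_SOURCE = {"0.0.0.0/0", "::/0"}
MAX_PORTS = 16  # hypothetical policy threshold, not an OpenStack setting


def blank(value):
    """True for the ways the CLI can render an unset field."""
    return value in (None, "", "None")


def port_span(port_range):
    """Ports covered by 'min:max' or a single port; unset means every port."""
    if blank(port_range):
        return 65535
    low, _, high = port_range.partition(":")
    return int(high or low) - int(low) + 1


def audit(rules_json, max_ports=MAX_PORTS):
    """Return (id, protocol, ports, span) for world-open, wide ingress rules."""
    findings = []
    for rule in json.loads(rules_json):
        if not blank(rule.get("Remote Security Group")):
            continue  # source limited to members of another group
        if rule.get("IP Range") not in ANY_SOURCE:
            continue  # source limited to a specific prefix
        proto, ports = rule.get("IP Protocol"), rule.get("Port Range")
        if blank(proto):
            findings.append((rule["ID"], "any", "all", 65535))
        elif proto in ("tcp", "udp") and port_span(ports) > max_ports:
            shown = "all" if blank(ports) else ports
            findings.append((rule["ID"], proto, shown, port_span(ports)))
    return findings


if __name__ == "__main__":
    for rule_id, proto, ports, span in audit(SAMPLE):
        print(f"{rule_id}: {proto} {ports} from any source ({span} ports)")
```

On the sample, the port 22 rule passes, while the rule created without `--dst-port` and the `22:65535` rule are reported.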