Using the openstack command in Neutron to create and delete security groups and rules

Delete a security group:
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 2b860c0d-9b0a-46cd-b045-97aa0e88f13a | default | Default security group | ac0c16aaf48e4846a5ebacbe43cea4f9 | [] |
| 9781e350-b8a7-4b90-8226-f9f63342523a | Long | | ac0c16aaf48e4846a5ebacbe43cea4f9 | [] |
+--------------------------------------+---------+------------------------+----------------------------------+------+
[root@controller ~]# openstack security group delete 9781e350-b8a7-4b90-8226-f9f63342523a

List security groups:
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 2b860c0d-9b0a-46cd-b045-97aa0e88f13a | default | Default security group | ac0c16aaf48e4846a5ebacbe43cea4f9 | [] |
+--------------------------------------+---------+------------------------+----------------------------------+------+

List security group rules:
[root@controller ~]# openstack security group rule list 2b860c0d-9b0a-46cd-b045-97aa0e88f13a
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| ID | IP Protocol | Ethertype | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| 6842b3e8-36ac-43ca-a022-d60dca1f820a | None | IPv6 | ::/0 | | None |
| 70472481-6269-4280-b6db-548740cea5a3 | None | IPv4 | 0.0.0.0/0 | | None |
| c8fd6444-f381-4233-8ae2-67ef25e58094 | None | IPv6 | ::/0 | | 2b860c0d-9b0a-46cd-b045-97aa0e88f13a |
| fc01cd74-ee71-48f9-ba55-011fbc43cec8 | None | IPv4 | 0.0.0.0/0 | | 2b860c0d-9b0a-46cd-b045-97aa0e88f13a |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+

Create a security group:
[root@controller ~]# openstack security group create sshopen
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T12:56:50Z |
| description | sshopen |
| id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | sshopen |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| revision_number | 1 |
| rules | created_at='2021-03-27T12:56:51Z', direction='egress', ethertype='IPv6', id='392d81d6-5d73-4264-9bf5-f863211ee695', updated_at='2021-03-27T12:56:51Z' |
| | created_at='2021-03-27T12:56:50Z', direction='egress', ethertype='IPv4', id='3f1a18e3-fa5f-4ca3-8bc7-4ad420af2390', updated_at='2021-03-27T12:56:50Z' |
| stateful | True |
| tags | [] |
| updated_at | 2021-03-27T12:56:50Z |
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Create a security group rule:
[root@controller ~]# openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description ingress --ingress --ethertype IPv4 --protocol tcp --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T13:11:38Z |
| description | ingress |
| direction | ingress |
| ether_type | IPv4 |
| id | f2813ea6-3c4d-4cc7-b55d-fdf1eaece617 |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| tags | [] |
| updated_at | 2021-03-27T13:11:38Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Add a security group rule for port 22:
[root@controller ~]# openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description ingress --ingress --ethertype IPv4 --protocol tcp --dst-port 22 --dst-port 22 --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T13:28:31Z |
| description | ingress |
| direction | ingress |
| ether_type | IPv4 |
| id | 17f02f7e-049e-4671-908c-68a99470c3d4 |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| tags | [] |
| updated_at | 2021-03-27T13:28:31Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Add a TCP rule for the port range 22-65535:
[root@controller ~]# openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description '22(ssh)' --ingress --ethertype IPv4 --protocol tcp --dst-port '22:65535' --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T14:01:00Z |
| description | 22(ssh) |
| direction | ingress |
| ether_type | IPv4 |
| id | 8f0a13ed-5c45-463e-9752-7fb98b4b8edc |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | None |
| port_range_max | 65535 |
| port_range_min | 22 |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| tags | [] |
| updated_at | 2021-03-27T14:01:00Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

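All three ingress rules created above use --remote-ip 0.0.0.0/0, so they accept traffic from any source, and the first one has no port range and therefore covers every TCP port. The check below is an added example, not part of the original post: it flags such rules from the fields printed in the rule output above. The function names, the severity labels and the allowed_public_ports parameter are assumptions made for illustration.

```python
import ipaddress

def world_open(rule):
    """True if an ingress rule accepts traffic from any source address."""
    if rule.get("direction") != "ingress" or rule.get("remote_group_id"):
        return False
    prefix = rule.get("remote_ip_prefix")
    # With no remote group, a missing prefix also means "any source".
    return prefix is None or ipaddress.ip_network(prefix, strict=False).prefixlen == 0

def port_span(rule):
    """Return (low, high); no port range means every port is covered."""
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    if lo is None and hi is None:
        return 1, 65535
    return (hi if lo is None else lo), (lo if hi is None else hi)

def audit(rules, allowed_public_ports=frozenset()):
    """Map rule id -> (severity, ports exposed) for world-open TCP/UDP ingress."""
    findings = {}
    for rule in rules:
        # ICMP and other protocols use the port fields differently; skip them.
        if rule.get("protocol") not in (None, "tcp", "udp") or not world_open(rule):
            continue
        lo, hi = port_span(rule)
        count = hi - lo + 1
        if count > 1:
            severity = "high"      # a whole range (or every port) is exposed
        elif lo in allowed_public_ports:
            severity = "ok"        # single port the operator meant to publish
        else:
            severity = "review"    # single port, e.g. SSH reachable from anywhere
        findings[rule["id"]] = (severity, count)
    return findings

# Field values copied from the rule output shown on this page.
PAGE_RULES = [
    {"id": "3f1a18e3-fa5f-4ca3-8bc7-4ad420af2390", "direction": "egress", "protocol": None},
    {"id": "f2813ea6-3c4d-4cc7-b55d-fdf1eaece617", "direction": "ingress", "protocol": "tcp",
     "remote_ip_prefix": "0.0.0.0/0", "port_range_min": None, "port_range_max": None},
    {"id": "17f02f7e-049e-4671-908c-68a99470c3d4", "direction": "ingress", "protocol": "tcp",
     "remote_ip_prefix": "0.0.0.0/0", "port_range_min": 22, "port_range_max": 22},
    {"id": "8f0a13ed-5c45-463e-9752-7fb98b4b8edc", "direction": "ingress", "protocol": "tcp",
     "remote_ip_prefix": "0.0.0.0/0", "port_range_min": 22, "port_range_max": 65535},
]

if __name__ == "__main__":
    for rule_id, (severity, count) in audit(PAGE_RULES).items():
        print(f"{severity:6} {rule_id} exposes {count} port(s) to any source")
```

A rule whose --remote-ip is narrowed to an administrative range, or that uses a remote security group, is not reported.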

Delete a security group rule:
[root@controller ~]# openstack security group rule list fc44a781-c34c-4e42-ab63-cf0eb9bdc251
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
| ID | IP Protocol | Ethertype | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
| 392d81d6-5d73-4264-9bf5-f863211ee695 | None | IPv6 | ::/0 | | None |
| 3f1a18e3-fa5f-4ca3-8bc7-4ad420af2390 | None | IPv4 | 0.0.0.0/0 | | None |
| bd8402fd-9ac9-43d6-a6aa-3724280b6860 | tcp | IPv4 | 0.0.0.0/0 | 65535:65535 | None |
| f2813ea6-3c4d-4cc7-b55d-fdf1eaece617 | tcp | IPv4 | 0.0.0.0/0 | | None |
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
[root@controller ~]# openstack security group rule delete bd8402fd-9ac9-43d6-a6aa-3724280b6860