Creating and deleting security groups and rules in Neutron with the openstack command

Delete a security group:
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 2b860c0d-9b0a-46cd-b045-97aa0e88f13a | default | Default security group | ac0c16aaf48e4846a5ebacbe43cea4f9 | [] |
| 9781e350-b8a7-4b90-8226-f9f63342523a | Long | | ac0c16aaf48e4846a5ebacbe43cea4f9 | [] |
+--------------------------------------+---------+------------------------+----------------------------------+------+
[root@controller ~]# openstack security group delete 9781e350-b8a7-4b90-8226-f9f63342523a

List security groups:
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 2b860c0d-9b0a-46cd-b045-97aa0e88f13a | default | Default security group | ac0c16aaf48e4846a5ebacbe43cea4f9 | [] |
+--------------------------------------+---------+------------------------+----------------------------------+------+

List security group rules:
[root@controller ~]# openstack security group rule list 2b860c0d-9b0a-46cd-b045-97aa0e88f13a
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| ID | IP Protocol | Ethertype | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| 6842b3e8-36ac-43ca-a022-d60dca1f820a | None | IPv6 | ::/0 | | None |
| 70472481-6269-4280-b6db-548740cea5a3 | None | IPv4 | 0.0.0.0/0 | | None |
| c8fd6444-f381-4233-8ae2-67ef25e58094 | None | IPv6 | ::/0 | | 2b860c0d-9b0a-46cd-b045-97aa0e88f13a |
| fc01cd74-ee71-48f9-ba55-011fbc43cec8 | None | IPv4 | 0.0.0.0/0 | | 2b860c0d-9b0a-46cd-b045-97aa0e88f13a |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+

Create a security group:
[root@controller ~]# openstack security group create sshopen
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T12:56:50Z |
| description | sshopen |
| id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | sshopen |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| revision_number | 1 |
| rules | created_at='2021-03-27T12:56:51Z', direction='egress', ethertype='IPv6', id='392d81d6-5d73-4264-9bf5-f863211ee695', updated_at='2021-03-27T12:56:51Z' |
| | created_at='2021-03-27T12:56:50Z', direction='egress', ethertype='IPv4', id='3f1a18e3-fa5f-4ca3-8bc7-4ad420af2390', updated_at='2021-03-27T12:56:50Z' |
| stateful | True |
| tags | [] |
| updated_at | 2021-03-27T12:56:50Z |
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Create a security group rule:
[root@controller ~]# openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description ingress --ingress --ethertype IPv4 --protocol tcp --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T13:11:38Z |
| description | ingress |
| direction | ingress |
| ether_type | IPv4 |
| id | f2813ea6-3c4d-4cc7-b55d-fdf1eaece617 |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| tags | [] |
| updated_at | 2021-03-27T13:11:38Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Add a security group rule for port 22:
[root@controller ~]# openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description ingress --ingress --ethertype IPv4 --protocol tcp --dst-port 22 --dst-port 22 --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T13:28:31Z |
| description | ingress |
| direction | ingress |
| ether_type | IPv4 |
| id | 17f02f7e-049e-4671-908c-68a99470c3d4 |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| tags | [] |
| updated_at | 2021-03-27T13:28:31Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Add a TCP rule for the port range 22-65535:
[root@controller ~]# openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description '22(ssh)' --ingress --ethertype IPv4 --protocol tcp --dst-port '22:65535' --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T14:01:00Z |
| description | 22(ssh) |
| direction | ingress |
| ether_type | IPv4 |
| id | 8f0a13ed-5c45-463e-9752-7fb98b4b8edc |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | None |
| port_range_max | 65535 |
| port_range_min | 22 |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| tags | [] |
| updated_at | 2021-03-27T14:01:00Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Delete a security group rule:
[root@controller ~]# openstack security group rule list fc44a781-c34c-4e42-ab63-cf0eb9bdc251
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
| ID | IP Protocol | Ethertype | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
| 392d81d6-5d73-4264-9bf5-f863211ee695 | None | IPv6 | ::/0 | | None |
| 3f1a18e3-fa5f-4ca3-8bc7-4ad420af2390 | None | IPv4 | 0.0.0.0/0 | | None |
| bd8402fd-9ac9-43d6-a6aa-3724280b6860 | tcp | IPv4 | 0.0.0.0/0 | 65535:65535 | None |
| f2813ea6-3c4d-4cc7-b55d-fdf1eaece617 | tcp | IPv4 | 0.0.0.0/0 | | None |
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
[root@controller ~]# openstack security group rule delete bd8402fd-9ac9-43d6-a6aa-3724280b6860
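
An added example, not part of the original post: a small audit that reads the rows of `openstack security group rule list --ingress -f json <group>` and reports TCP/UDP rules that expose more than one port to any source address, such as the rule above created without `--dst-port` and the `22:65535` rule. It assumes the JSON keys equal the column headings shown in the tables on this page; the sample rows are constructed from the rule IDs and values on this page.

```python
import json

WORLD = {"0.0.0.0/0", "::/0"}

# Constructed sample: rule IDs and values are taken from the tables on this page;
# the JSON shape (keys equal to the column headings) is an assumption.
SAMPLE = json.loads("""[
 {"ID": "f2813ea6-3c4d-4cc7-b55d-fdf1eaece617", "IP Protocol": "tcp",
  "IP Range": "0.0.0.0/0", "Port Range": "", "Remote Security Group": null},
 {"ID": "17f02f7e-049e-4671-908c-68a99470c3d4", "IP Protocol": "tcp",
  "IP Range": "0.0.0.0/0", "Port Range": "22:22", "Remote Security Group": null},
 {"ID": "8f0a13ed-5c45-463e-9752-7fb98b4b8edc", "IP Protocol": "tcp",
  "IP Range": "0.0.0.0/0", "Port Range": "22:65535", "Remote Security Group": null},
 {"ID": "fc01cd74-ee71-48f9-ba55-011fbc43cec8", "IP Protocol": null,
  "IP Range": "0.0.0.0/0", "Port Range": "",
  "Remote Security Group": "2b860c0d-9b0a-46cd-b045-97aa0e88f13a"}
]""")


def port_span(port_range):
    """Return (low, high) for 'min:max'; an empty range means every port."""
    if not port_range:
        return 1, 65535
    low, _, high = port_range.partition(":")
    return int(low), int(high or low)


def audit_ingress(rows, max_ports=1):
    """Return (rule_id, protocol, ports_exposed) for rules open to any address
    that expose more than max_ports ports, widest first."""
    findings = []
    for row in rows:
        if row.get("Remote Security Group") not in (None, "", "None"):
            continue  # source is limited to members of another security group
        if row.get("IP Range") not in WORLD:
            continue  # source is limited to a specific prefix
        if row.get("IP Protocol") not in ("tcp", "udp", None):
            continue  # port ranges are only interpreted for tcp/udp/any
        low, high = port_span(row.get("Port Range"))
        exposed = high - low + 1
        if exposed > max_ports:
            findings.append((row["ID"], row.get("IP Protocol") or "any", exposed))
    return sorted(findings, key=lambda f: f[2], reverse=True)


if __name__ == "__main__":
    for rule_id, proto, exposed in audit_ingress(SAMPLE):
        print(f"{rule_id}  {proto}  {exposed} ports reachable from any address")
```

With the sample rows, the port-22 rule and the remote-group rule pass, while the two wider rules are reported.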