Creating and deleting security groups and rules in Neutron with the openstack command

Delete a security group:
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID                                   | Name    | Description            | Project                          | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 2b860c0d-9b0a-46cd-b045-97aa0e88f13a | default | Default security group | ac0c16aaf48e4846a5ebacbe43cea4f9 | []   |
| 9781e350-b8a7-4b90-8226-f9f63342523a | Long    |                        | ac0c16aaf48e4846a5ebacbe43cea4f9 | []   |
+--------------------------------------+---------+------------------------+----------------------------------+------+
[root@controller ~]# openstack security group delete 9781e350-b8a7-4b90-8226-f9f63342523a

List security groups:
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID                                   | Name    | Description            | Project                          | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 2b860c0d-9b0a-46cd-b045-97aa0e88f13a | default | Default security group | ac0c16aaf48e4846a5ebacbe43cea4f9 | []   |
+--------------------------------------+---------+------------------------+----------------------------------+------+

List the rules of a security group:
[root@controller ~]# openstack security group rule list 2b860c0d-9b0a-46cd-b045-97aa0e88f13a
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| ID                                   | IP Protocol | Ethertype | IP Range  | Port Range | Remote Security Group                |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| 6842b3e8-36ac-43ca-a022-d60dca1f820a | None        | IPv6      | ::/0      |            | None                                 |
| 70472481-6269-4280-b6db-548740cea5a3 | None        | IPv4      | 0.0.0.0/0 |            | None                                 |
| c8fd6444-f381-4233-8ae2-67ef25e58094 | None        | IPv6      | ::/0      |            | 2b860c0d-9b0a-46cd-b045-97aa0e88f13a |
| fc01cd74-ee71-48f9-ba55-011fbc43cec8 | None        | IPv4      | 0.0.0.0/0 |            | 2b860c0d-9b0a-46cd-b045-97aa0e88f13a |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+

Create a security group:
[root@controller ~]# openstack security group create sshopen
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field           | Value                                                                                                                                                            |
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at      | 2021-03-27T12:56:50Z                                                                                                                                             |
| description     | sshopen                                                                                                                                                          |
| id              | fc44a781-c34c-4e42-ab63-cf0eb9bdc251                                                                                                                             |
| location        | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name            | sshopen                                                                                                                                                          |
| project_id      | ac0c16aaf48e4846a5ebacbe43cea4f9                                                                                                                                 |
| revision_number | 1                                                                                                                                                                |
| rules           | created_at='2021-03-27T12:56:51Z', direction='egress', ethertype='IPv6', id='392d81d6-5d73-4264-9bf5-f863211ee695', updated_at='2021-03-27T12:56:51Z'            |
|                 | created_at='2021-03-27T12:56:50Z', direction='egress', ethertype='IPv4', id='3f1a18e3-fa5f-4ca3-8bc7-4ad420af2390', updated_at='2021-03-27T12:56:50Z'            |
| stateful        | True                                                                                                                                                             |
| tags            | []                                                                                                                                                               |
| updated_at      | 2021-03-27T12:56:50Z                                                                                                                                             |
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Create a security group rule (no --dst-port is given, so the rule matches every TCP port, as the None port range in the output shows):
[root@controller ~]# openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description ingress --ingress --ethertype IPv4 --protocol tcp --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field             | Value                                                                                                                                                            |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at        | 2021-03-27T13:11:38Z                                                                                                                                             |
| description       | ingress                                                                                                                                                          |
| direction         | ingress                                                                                                                                                          |
| ether_type        | IPv4                                                                                                                                                             |
| id                | f2813ea6-3c4d-4cc7-b55d-fdf1eaece617                                                                                                                             |
| location          | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name              | None                                                                                                                                                             |
| port_range_max    | None                                                                                                                                                             |
| port_range_min    | None                                                                                                                                                             |
| project_id        | ac0c16aaf48e4846a5ebacbe43cea4f9                                                                                                                                 |
| protocol          | tcp                                                                                                                                                              |
| remote_group_id   | None                                                                                                                                                             |
| remote_ip_prefix  | 0.0.0.0/0                                                                                                                                                        |
| revision_number   | 0                                                                                                                                                                |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251                                                                                                                             |
| tags              | []                                                                                                                                                               |
| updated_at        | 2021-03-27T13:11:38Z                                                                                                                                             |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Add a security group rule for port 22:
[root@controller ~]# openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description ingress --ingress --ethertype IPv4 --protocol tcp --dst-port 22 --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field             | Value                                                                                                                                                            |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at        | 2021-03-27T13:28:31Z                                                                                                                                             |
| description       | ingress                                                                                                                                                          |
| direction         | ingress                                                                                                                                                          |
| ether_type        | IPv4                                                                                                                                                             |
| id                | 17f02f7e-049e-4671-908c-68a99470c3d4                                                                                                                             |
| location          | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name              | None                                                                                                                                                             |
| port_range_max    | 22                                                                                                                                                               |
| port_range_min    | 22                                                                                                                                                               |
| project_id        | ac0c16aaf48e4846a5ebacbe43cea4f9                                                                                                                                 |
| protocol          | tcp                                                                                                                                                              |
| remote_group_id   | None                                                                                                                                                             |
| remote_ip_prefix  | 0.0.0.0/0                                                                                                                                                        |
| revision_number   | 0                                                                                                                                                                |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251                                                                                                                             |
| tags              | []                                                                                                                                                               |
| updated_at        | 2021-03-27T13:28:31Z                                                                                                                                             |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Add a TCP rule for ports 22-65535:
[root@controller ~]# openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description '22(ssh)' --ingress --ethertype IPv4 --protocol tcp --dst-port '22:65535' --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field             | Value                                                                                                                                                            |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at        | 2021-03-27T14:01:00Z                                                                                                                                             |
| description       | 22(ssh)                                                                                                                                                          |
| direction         | ingress                                                                                                                                                          |
| ether_type        | IPv4                                                                                                                                                             |
| id                | 8f0a13ed-5c45-463e-9752-7fb98b4b8edc                                                                                                                             |
| location          | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name              | None                                                                                                                                                             |
| port_range_max    | 65535                                                                                                                                                            |
| port_range_min    | 22                                                                                                                                                               |
| project_id        | ac0c16aaf48e4846a5ebacbe43cea4f9                                                                                                                                 |
| protocol          | tcp                                                                                                                                                              |
| remote_group_id   | None                                                                                                                                                             |
| remote_ip_prefix  | 0.0.0.0/0                                                                                                                                                        |
| revision_number   | 0                                                                                                                                                                |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251                                                                                                                             |
| tags              | []                                                                                                                                                               |
| updated_at        | 2021-03-27T14:01:00Z                                                                                                                                             |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Delete a security group rule:
[root@controller ~]# openstack security group rule list fc44a781-c34c-4e42-ab63-cf0eb9bdc251
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
| ID                                   | IP Protocol | Ethertype | IP Range  | Port Range  | Remote Security Group |
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
| 392d81d6-5d73-4264-9bf5-f863211ee695 | None        | IPv6      | ::/0      |             | None                  |
| 3f1a18e3-fa5f-4ca3-8bc7-4ad420af2390 | None        | IPv4      | 0.0.0.0/0 |             | None                  |
| bd8402fd-9ac9-43d6-a6aa-3724280b6860 | tcp         | IPv4      | 0.0.0.0/0 | 65535:65535 | None                  |
| f2813ea6-3c4d-4cc7-b55d-fdf1eaece617 | tcp         | IPv4      | 0.0.0.0/0 |             | None                  |
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
[root@controller ~]# openstack security group rule delete bd8402fd-9ac9-43d6-a6aa-3724280b6860
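
An audit pass over the rule list output shown above, as an added example that is not part of the original post: it reads the table printed by openstack security group rule list and reports TCP/UDP rules that accept traffic from any address on more ports than a chosen limit. The sample rows are constructed from the sshopen rules created on this page; the names audit_sg_rules, SAMPLE_TABLE and the port-limit argument are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Sample table constructed from the
# sshopen rules created on this page, in the rule-list layout the page shows.
SAMPLE_TABLE='+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
| ID                                   | IP Protocol | Ethertype | IP Range  | Port Range  | Remote Security Group |
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
| 392d81d6-5d73-4264-9bf5-f863211ee695 | None        | IPv6      | ::/0      |             | None                  |
| 3f1a18e3-fa5f-4ca3-8bc7-4ad420af2390 | None        | IPv4      | 0.0.0.0/0 |             | None                  |
| f2813ea6-3c4d-4cc7-b55d-fdf1eaece617 | tcp         | IPv4      | 0.0.0.0/0 |             | None                  |
| 17f02f7e-049e-4671-908c-68a99470c3d4 | tcp         | IPv4      | 0.0.0.0/0 | 22:22       | None                  |
| 8f0a13ed-5c45-463e-9752-7fb98b4b8edc | tcp         | IPv4      | 0.0.0.0/0 | 22:65535    | None                  |
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+'

# audit_sg_rules MAX_PORTS
# Reads the table on stdin and prints "<rule id> <protocol> <ports> <port count>"
# for every tcp/udp rule whose source is any address (0.0.0.0/0 or ::/0) and
# which covers more than MAX_PORTS ports (default 1).
# This table layout has no Direction column, so any-protocol rows (the default
# egress rules here) are not classified and need a manual check.
audit_sg_rules() {
  awk -F'|' -v max="${1:-1}" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    NF < 8 { next }                                 # border lines carry no cells
    { id = trim($2); proto = trim($3); cidr = trim($5)
      ports = trim($6); group = trim($7) }
    id == "ID" { next }                             # header row
    group != "None" { next }                        # source is a security group
    cidr != "0.0.0.0/0" && cidr != "::/0" { next }  # source is a narrower CIDR
    proto != "tcp" && proto != "udp" { next }       # only tcp/udp have port ranges
    {
      if (ports == "") { n = 65535; ports = "all" } # no --dst-port: every port
      else { split(ports, p, ":"); n = p[2] - p[1] + 1 }
      if (n > max) print id, proto, ports, n
    }'
}

# Stand-alone run over the constructed sample; with a live cloud, pipe in
#   openstack security group rule list <group-id>
printf '%s\n' "$SAMPLE_TABLE" | audit_sg_rules 1
```

With a limit of 1 port, the all-ports rule and the 22:65535 rule are reported and the single-port 22 rule is not.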