Creating and deleting security groups and rules in Neutron with the openstack command

Delete a security group:
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID                                   | Name    | Description            | Project                          | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 2b860c0d-9b0a-46cd-b045-97aa0e88f13a | default | Default security group | ac0c16aaf48e4846a5ebacbe43cea4f9 | []   |
| 9781e350-b8a7-4b90-8226-f9f63342523a | Long    |                        | ac0c16aaf48e4846a5ebacbe43cea4f9 | []   |
+--------------------------------------+---------+------------------------+----------------------------------+------+
[root@controller ~]# openstack security group delete 9781e350-b8a7-4b90-8226-f9f63342523a

List security groups:
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID                                   | Name    | Description            | Project                          | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 2b860c0d-9b0a-46cd-b045-97aa0e88f13a | default | Default security group | ac0c16aaf48e4846a5ebacbe43cea4f9 | []   |
+--------------------------------------+---------+------------------------+----------------------------------+------+

List security group rules:
[root@controller ~]# openstack security group rule list 2b860c0d-9b0a-46cd-b045-97aa0e88f13a
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| ID                                   | IP Protocol | Ethertype | IP Range  | Port Range | Remote Security Group                |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| 6842b3e8-36ac-43ca-a022-d60dca1f820a | None        | IPv6      | ::/0      |            | None                                 |
| 70472481-6269-4280-b6db-548740cea5a3 | None        | IPv4      | 0.0.0.0/0 |            | None                                 |
| c8fd6444-f381-4233-8ae2-67ef25e58094 | None        | IPv6      | ::/0      |            | 2b860c0d-9b0a-46cd-b045-97aa0e88f13a |
| fc01cd74-ee71-48f9-ba55-011fbc43cec8 | None        | IPv4      | 0.0.0.0/0 |            | 2b860c0d-9b0a-46cd-b045-97aa0e88f13a |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+

Create a security group:
[root@controller ~]# openstack security group create sshopen
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field           | Value                                                                                                                                                            |
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at      | 2021-03-27T12:56:50Z                                                                                                                                             |
| description     | sshopen                                                                                                                                                          |
| id              | fc44a781-c34c-4e42-ab63-cf0eb9bdc251                                                                                                                             |
| location        | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name            | sshopen                                                                                                                                                          |
| project_id      | ac0c16aaf48e4846a5ebacbe43cea4f9                                                                                                                                 |
| revision_number | 1                                                                                                                                                                |
| rules           | created_at='2021-03-27T12:56:51Z', direction='egress', ethertype='IPv6', id='392d81d6-5d73-4264-9bf5-f863211ee695', updated_at='2021-03-27T12:56:51Z'            |
|                 | created_at='2021-03-27T12:56:50Z', direction='egress', ethertype='IPv4', id='3f1a18e3-fa5f-4ca3-8bc7-4ad420af2390', updated_at='2021-03-27T12:56:50Z'            |
| stateful        | True                                                                                                                                                             |
| tags            | []                                                                                                                                                               |
| updated_at      | 2021-03-27T12:56:50Z                                                                                                                                             |
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Create a security group rule:
openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description ingress --ingress --ethertype IPv4 --protocol tcp --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field             | Value                                                                                                                                                            |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at        | 2021-03-27T13:11:38Z                                                                                                                                             |
| description       | ingress                                                                                                                                                          |
| direction         | ingress                                                                                                                                                          |
| ether_type        | IPv4                                                                                                                                                             |
| id                | f2813ea6-3c4d-4cc7-b55d-fdf1eaece617                                                                                                                             |
| location          | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name              | None                                                                                                                                                             |
| port_range_max    | None                                                                                                                                                             |
| port_range_min    | None                                                                                                                                                             |
| project_id        | ac0c16aaf48e4846a5ebacbe43cea4f9                                                                                                                                 |
| protocol          | tcp                                                                                                                                                              |
| remote_group_id   | None                                                                                                                                                             |
| remote_ip_prefix  | 0.0.0.0/0                                                                                                                                                        |
| revision_number   | 0                                                                                                                                                                |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251                                                                                                                             |
| tags              | []                                                                                                                                                               |
| updated_at        | 2021-03-27T13:11:38Z                                                                                                                                             |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Add a security group rule for port 22:
[root@controller ~]# openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description ingress --ingress --ethertype IPv4 --protocol tcp --dst-port 22 --dst-port 22 --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field             | Value                                                                                                                                                            |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at        | 2021-03-27T13:28:31Z                                                                                                                                             |
| description       | ingress                                                                                                                                                          |
| direction         | ingress                                                                                                                                                          |
| ether_type        | IPv4                                                                                                                                                             |
| id                | 17f02f7e-049e-4671-908c-68a99470c3d4                                                                                                                             |
| location          | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name              | None                                                                                                                                                             |
| port_range_max    | 22                                                                                                                                                               |
| port_range_min    | 22                                                                                                                                                               |
| project_id        | ac0c16aaf48e4846a5ebacbe43cea4f9                                                                                                                                 |
| protocol          | tcp                                                                                                                                                              |
| remote_group_id   | None                                                                                                                                                             |
| remote_ip_prefix  | 0.0.0.0/0                                                                                                                                                        |
| revision_number   | 0                                                                                                                                                                |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251                                                                                                                             |
| tags              | []                                                                                                                                                               |
| updated_at        | 2021-03-27T13:28:31Z                                                                                                                                             |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Add a TCP rule for ports 22-65535:
[root@controller ~]# openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description '22(ssh)' --ingress --ethertype IPv4 --protocol tcp --dst-port '22:65535' --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field             | Value                                                                                                                                                            |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at        | 2021-03-27T14:01:00Z                                                                                                                                             |
| description       | 22(ssh)                                                                                                                                                          |
| direction         | ingress                                                                                                                                                          |
| ether_type        | IPv4                                                                                                                                                             |
| id                | 8f0a13ed-5c45-463e-9752-7fb98b4b8edc                                                                                                                             |
| location          | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name              | None                                                                                                                                                             |
| port_range_max    | 65535                                                                                                                                                            |
| port_range_min    | 22                                                                                                                                                               |
| project_id        | ac0c16aaf48e4846a5ebacbe43cea4f9                                                                                                                                 |
| protocol          | tcp                                                                                                                                                              |
| remote_group_id   | None                                                                                                                                                             |
| remote_ip_prefix  | 0.0.0.0/0                                                                                                                                                        |
| revision_number   | 0                                                                                                                                                                |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251                                                                                                                             |
| tags              | []                                                                                                                                                               |
| updated_at        | 2021-03-27T14:01:00Z                                                                                                                                             |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Delete a security group rule:
[root@controller ~]# openstack security group rule list fc44a781-c34c-4e42-ab63-cf0eb9bdc251
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
| ID                                   | IP Protocol | Ethertype | IP Range  | Port Range  | Remote Security Group |
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
| 392d81d6-5d73-4264-9bf5-f863211ee695 | None        | IPv6      | ::/0      |             | None                  |
| 3f1a18e3-fa5f-4ca3-8bc7-4ad420af2390 | None        | IPv4      | 0.0.0.0/0 |             | None                  |
| bd8402fd-9ac9-43d6-a6aa-3724280b6860 | tcp         | IPv4      | 0.0.0.0/0 | 65535:65535 | None                  |
| f2813ea6-3c4d-4cc7-b55d-fdf1eaece617 | tcp         | IPv4      | 0.0.0.0/0 |             | None                  |
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
[root@controller ~]# openstack security group rule delete bd8402fd-9ac9-43d6-a6aa-3724280b6860
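
All three tcp rules created above use --remote-ip 0.0.0.0/0, and the first one has no --dst-port, so its port_range_min and port_range_max are None and it admits every TCP port. The following is an added example, not part of the original post: it parses the Field/Value table that `openstack security group rule create` prints and flags rules of that kind. The function names and the 16-port max_span threshold are assumptions, and the sample tables are constructed from the values shown above.

```python
import ipaddress

def parse_field_table(text):
    """Turn a Field/Value table printed by the openstack CLI into a dict."""
    rule = {}
    for line in text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 2 and cells[0] not in ("", "Field"):
            rule[cells[0]] = None if cells[1] == "None" else cells[1]
    return rule

def audit_rule(rule, max_span=16):
    """Return findings for one rule; an empty list means nothing was flagged."""
    if rule.get("direction") != "ingress":
        return []
    findings = []
    prefix, group = rule.get("remote_ip_prefix"), rule.get("remote_group_id")
    # A rule with neither a prefix nor a remote group also matches every source.
    if group is None and (prefix is None or
                          ipaddress.ip_network(prefix, strict=False).prefixlen == 0):
        findings.append("any-source")
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    if rule.get("protocol") is None:
        findings.append("all-protocols")
    elif rule["protocol"] in ("tcp", "udp"):
        if lo is None or hi is None:
            findings.append("all-ports")
        elif int(hi) - int(lo) + 1 > max_span:  # max_span is an assumed threshold
            findings.append("wide-range:%s-%s" % (lo, hi))
    return findings

def make_table(lo, hi, direction="ingress"):
    # Constructed sample: only the fields the audit reads, in the CLI's table
    # layout, with the values of the three tcp rules created on this page.
    rows = [("Field", "Value"), ("direction", direction), ("protocol", "tcp"),
            ("port_range_min", lo), ("port_range_max", hi),
            ("remote_group_id", "None"), ("remote_ip_prefix", "0.0.0.0/0")]
    line = "+-------------------+------------+"
    body = ["| %-17s | %-10s |" % row for row in rows]
    return "\n".join([line, body[0], line] + body[1:] + [line])

def audit_samples():
    ports = {"no --dst-port": ("None", "None"), "22": ("22", "22"),
             "22:65535": ("22", "65535")}
    return {name: audit_rule(parse_field_table(make_table(lo, hi)))
            for name, (lo, hi) in ports.items()}

if __name__ == "__main__":
    for name, findings in audit_samples().items():
        print(name, findings)
```
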