Creating and deleting security groups and rules in neutron with the openstack command

Delete a security group:
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 2b860c0d-9b0a-46cd-b045-97aa0e88f13a | default | Default security group | ac0c16aaf48e4846a5ebacbe43cea4f9 | [] |
| 9781e350-b8a7-4b90-8226-f9f63342523a | Long | | ac0c16aaf48e4846a5ebacbe43cea4f9 | [] |
+--------------------------------------+---------+------------------------+----------------------------------+------+
[root@controller ~]# openstack security group delete 9781e350-b8a7-4b90-8226-f9f63342523a

List security groups:
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 2b860c0d-9b0a-46cd-b045-97aa0e88f13a | default | Default security group | ac0c16aaf48e4846a5ebacbe43cea4f9 | [] |
+--------------------------------------+---------+------------------------+----------------------------------+------+

List the rules of a security group:
[root@controller ~]# openstack security group rule list 2b860c0d-9b0a-46cd-b045-97aa0e88f13a
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| ID | IP Protocol | Ethertype | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| 6842b3e8-36ac-43ca-a022-d60dca1f820a | None | IPv6 | ::/0 | | None |
| 70472481-6269-4280-b6db-548740cea5a3 | None | IPv4 | 0.0.0.0/0 | | None |
| c8fd6444-f381-4233-8ae2-67ef25e58094 | None | IPv6 | ::/0 | | 2b860c0d-9b0a-46cd-b045-97aa0e88f13a |
| fc01cd74-ee71-48f9-ba55-011fbc43cec8 | None | IPv4 | 0.0.0.0/0 | | 2b860c0d-9b0a-46cd-b045-97aa0e88f13a |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+

Create a security group:
[root@controller ~]# openstack security group create sshopen
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T12:56:50Z |
| description | sshopen |
| id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | sshopen |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| revision_number | 1 |
| rules | created_at='2021-03-27T12:56:51Z', direction='egress', ethertype='IPv6', id='392d81d6-5d73-4264-9bf5-f863211ee695', updated_at='2021-03-27T12:56:51Z' |
| | created_at='2021-03-27T12:56:50Z', direction='egress', ethertype='IPv4', id='3f1a18e3-fa5f-4ca3-8bc7-4ad420af2390', updated_at='2021-03-27T12:56:50Z' |
| stateful | True |
| tags | [] |
| updated_at | 2021-03-27T12:56:50Z |
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Create a security group rule (no --dst-port is given, so the rule applies to all TCP ports):
openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description ingress --ingress --ethertype IPv4 --protocol tcp --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T13:11:38Z |
| description | ingress |
| direction | ingress |
| ether_type | IPv4 |
| id | f2813ea6-3c4d-4cc7-b55d-fdf1eaece617 |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| tags | [] |
| updated_at | 2021-03-27T13:11:38Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Add a security group rule for port 22:
[root@controller ~]# openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description ingress --ingress --ethertype IPv4 --protocol tcp --dst-port 22 --dst-port 22 --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T13:28:31Z |
| description | ingress |
| direction | ingress |
| ether_type | IPv4 |
| id | 17f02f7e-049e-4671-908c-68a99470c3d4 |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| tags | [] |
| updated_at | 2021-03-27T13:28:31Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Add a rule for TCP ports 22-65535:
[root@controller ~]# openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description '22(ssh)' --ingress --ethertype IPv4 --protocol tcp --dst-port '22:65535' --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T14:01:00Z |
| description | 22(ssh) |
| direction | ingress |
| ether_type | IPv4 |
| id | 8f0a13ed-5c45-463e-9752-7fb98b4b8edc |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | None |
| port_range_max | 65535 |
| port_range_min | 22 |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| tags | [] |
| updated_at | 2021-03-27T14:01:00Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Delete a security group rule:
[root@controller ~]# openstack security group rule list fc44a781-c34c-4e42-ab63-cf0eb9bdc251
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
| ID | IP Protocol | Ethertype | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
| 392d81d6-5d73-4264-9bf5-f863211ee695 | None | IPv6 | ::/0 | | None |
| 3f1a18e3-fa5f-4ca3-8bc7-4ad420af2390 | None | IPv4 | 0.0.0.0/0 | | None |
| bd8402fd-9ac9-43d6-a6aa-3724280b6860 | tcp | IPv4 | 0.0.0.0/0 | 65535:65535 | None |
| f2813ea6-3c4d-4cc7-b55d-fdf1eaece617 | tcp | IPv4 | 0.0.0.0/0 | | None |
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
[root@controller ~]# openstack security group rule delete bd8402fd-9ac9-43d6-a6aa-3724280b6860
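
The three ingress rules created above all use --remote-ip 0.0.0.0/0, and they differ only in how many ports they expose. As an added example (not part of the original post), this Python check classifies such rules. The records are constructed from the rule outputs shown above and use the same field names; the WIDE_SPAN threshold and the "high"/"review" labels are assumptions.

```python
import ipaddress

WIDE_SPAN = 1024  # assumption: a range of this many ports or more is "wide"

def rule(rid, direction, protocol, lo, hi, prefix, group=None):
    """Build a record with the field names the rule output above prints."""
    return {"id": rid, "direction": direction, "protocol": protocol,
            "port_range_min": lo, "port_range_max": hi,
            "remote_ip_prefix": prefix, "remote_group_id": group}

# Constructed sample: the three ingress rules created above and one of the
# default egress rules of the sshopen group.
RULES = [
    rule("f2813ea6-3c4d-4cc7-b55d-fdf1eaece617", "ingress", "tcp", None, None, "0.0.0.0/0"),
    rule("17f02f7e-049e-4671-908c-68a99470c3d4", "ingress", "tcp", 22, 22, "0.0.0.0/0"),
    rule("8f0a13ed-5c45-463e-9752-7fb98b4b8edc", "ingress", "tcp", 22, 65535, "0.0.0.0/0"),
    rule("3f1a18e3-fa5f-4ca3-8bc7-4ad420af2390", "egress", None, None, None, None),
]

def from_anywhere(r):
    """True when the source is every address rather than a group or a subnet."""
    if r["remote_group_id"]:
        return False
    if r["remote_ip_prefix"] is None:
        return True  # no prefix and no remote group means any source
    return ipaddress.ip_network(r["remote_ip_prefix"], strict=False).prefixlen == 0

def classify(r):
    """Return (severity, finding) for an ingress rule open to any source, else None."""
    if r["direction"] != "ingress" or not from_anywhere(r):
        return None
    proto = r["protocol"]
    if proto is None:
        return ("high", "all protocols open to any source")
    if proto not in ("tcp", "udp"):
        return ("review", "%s open to any source" % proto)
    lo, hi = r["port_range_min"], r["port_range_max"]
    if lo is None and hi is None:
        return ("high", "all %s ports open to any source" % proto)
    hi = lo if hi is None else hi
    span = hi - lo + 1
    if span >= WIDE_SPAN:
        return ("high", "%s ports %d-%d (%d ports) open to any source" % (proto, lo, hi, span))
    return ("review", "%s ports %d-%d open to any source" % (proto, lo, hi))

def audit(rules):
    """List (rule id, (severity, finding)) for every rule that needs attention."""
    return [(r["id"], f) for r in rules if (f := classify(r))]

if __name__ == "__main__":
    for rid, (severity, finding) in audit(RULES):
        print(severity, rid, finding)
```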