Creating and deleting security groups and rules in Neutron with the openstack command

Delete a security group:
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 2b860c0d-9b0a-46cd-b045-97aa0e88f13a | default | Default security group | ac0c16aaf48e4846a5ebacbe43cea4f9 | [] |
| 9781e350-b8a7-4b90-8226-f9f63342523a | Long | | ac0c16aaf48e4846a5ebacbe43cea4f9 | [] |
+--------------------------------------+---------+------------------------+----------------------------------+------+
[root@controller ~]# openstack security group delete 9781e350-b8a7-4b90-8226-f9f63342523a

List security groups:
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 2b860c0d-9b0a-46cd-b045-97aa0e88f13a | default | Default security group | ac0c16aaf48e4846a5ebacbe43cea4f9 | [] |
+--------------------------------------+---------+------------------------+----------------------------------+------+

List the rules of a security group:
[root@controller ~]# openstack security group rule list 2b860c0d-9b0a-46cd-b045-97aa0e88f13a
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| ID | IP Protocol | Ethertype | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| 6842b3e8-36ac-43ca-a022-d60dca1f820a | None | IPv6 | ::/0 | | None |
| 70472481-6269-4280-b6db-548740cea5a3 | None | IPv4 | 0.0.0.0/0 | | None |
| c8fd6444-f381-4233-8ae2-67ef25e58094 | None | IPv6 | ::/0 | | 2b860c0d-9b0a-46cd-b045-97aa0e88f13a |
| fc01cd74-ee71-48f9-ba55-011fbc43cec8 | None | IPv4 | 0.0.0.0/0 | | 2b860c0d-9b0a-46cd-b045-97aa0e88f13a |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+

Create a security group:
[root@controller ~]# openstack security group create sshopen
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T12:56:50Z |
| description | sshopen |
| id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | sshopen |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| revision_number | 1 |
| rules | created_at='2021-03-27T12:56:51Z', direction='egress', ethertype='IPv6', id='392d81d6-5d73-4264-9bf5-f863211ee695', updated_at='2021-03-27T12:56:51Z' |
| | created_at='2021-03-27T12:56:50Z', direction='egress', ethertype='IPv4', id='3f1a18e3-fa5f-4ca3-8bc7-4ad420af2390', updated_at='2021-03-27T12:56:50Z' |
| stateful | True |
| tags | [] |
| updated_at | 2021-03-27T12:56:50Z |
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Create a security group rule (no --dst-port is given, so port_range_min and port_range_max are None):
[root@controller ~]# openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description ingress --ingress --ethertype IPv4 --protocol tcp --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T13:11:38Z |
| description | ingress |
| direction | ingress |
| ether_type | IPv4 |
| id | f2813ea6-3c4d-4cc7-b55d-fdf1eaece617 |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| tags | [] |
| updated_at | 2021-03-27T13:11:38Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Add a security group rule for port 22:
[root@controller ~]# openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description ingress --ingress --ethertype IPv4 --protocol tcp --dst-port 22 --dst-port 22 --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T13:28:31Z |
| description | ingress |
| direction | ingress |
| ether_type | IPv4 |
| id | 17f02f7e-049e-4671-908c-68a99470c3d4 |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| tags | [] |
| updated_at | 2021-03-27T13:28:31Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Add a TCP rule for the port range 22-65535:
[root@controller ~]# openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description '22(ssh)' --ingress --ethertype IPv4 --protocol tcp --dst-port '22:65535' --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T14:01:00Z |
| description | 22(ssh) |
| direction | ingress |
| ether_type | IPv4 |
| id | 8f0a13ed-5c45-463e-9752-7fb98b4b8edc |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | None |
| port_range_max | 65535 |
| port_range_min | 22 |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| tags | [] |
| updated_at | 2021-03-27T14:01:00Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
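
Added example, not part of the original post: a Python check that flags ingress rules such as the ones created above when they admit any source address on more than one port. The function names, the max_ports threshold and the treatment of a missing remote prefix as "any source" are assumptions of this example; the sample records are constructed from the rule values printed on this page.

```python
import ipaddress
import json

# Constructed sample: the page's sshopen rules, trimmed to the fields this check
# reads and shaped like `openstack security group rule show <id> -f json` output.
SAMPLE = """[
 {"id": "3f1a18e3-fa5f-4ca3-8bc7-4ad420af2390", "direction": "egress", "protocol": null,
  "port_range_min": null, "port_range_max": null, "remote_ip_prefix": "0.0.0.0/0", "remote_group_id": null},
 {"id": "f2813ea6-3c4d-4cc7-b55d-fdf1eaece617", "direction": "ingress", "protocol": "tcp",
  "port_range_min": null, "port_range_max": null, "remote_ip_prefix": "0.0.0.0/0", "remote_group_id": null},
 {"id": "17f02f7e-049e-4671-908c-68a99470c3d4", "direction": "ingress", "protocol": "tcp",
  "port_range_min": 22, "port_range_max": 22, "remote_ip_prefix": "0.0.0.0/0", "remote_group_id": null},
 {"id": "8f0a13ed-5c45-463e-9752-7fb98b4b8edc", "direction": "ingress", "protocol": "tcp",
  "port_range_min": 22, "port_range_max": 65535, "remote_ip_prefix": "0.0.0.0/0", "remote_group_id": null}
]"""


def broad_ingress(rule, max_ports=1):
    """Return a finding for an ingress TCP/UDP rule that admits any source
    address on more than max_ports ports; return None otherwise."""
    if rule["direction"] != "ingress" or rule.get("remote_group_id"):
        return None  # egress, or source limited to members of another group
    proto = rule.get("protocol")
    if proto not in (None, "tcp", "udp"):
        return None  # for ICMP the port_range fields carry type/code, not ports
    prefix = rule.get("remote_ip_prefix")
    # Assumption: a rule with neither remote prefix nor remote group matches any source.
    if prefix and ipaddress.ip_network(prefix, strict=False).prefixlen != 0:
        return None  # source is restricted to a real subnet
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    # No port range means every port of the protocol is covered.
    span = 65535 if lo is None or hi is None else int(hi) - int(lo) + 1
    if span <= max_ports:
        return None
    return {"id": rule["id"], "protocol": proto or "any", "ports": span}


def audit(rules_json, max_ports=1):
    """Return one finding per rule in a JSON list that broad_ingress() flags."""
    findings = (broad_ingress(r, max_ports) for r in json.loads(rules_json))
    return [f for f in findings if f]


if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['id']}: {f['protocol']} reachable from any address on {f['ports']} ports")
```

Of the rules created above, the single-port 22 rule passes this check, while the rule created without --dst-port and the 22:65535 rule described as '22(ssh)' are both flagged.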

Delete a security group rule:
[root@controller ~]# openstack security group rule list fc44a781-c34c-4e42-ab63-cf0eb9bdc251
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
| ID | IP Protocol | Ethertype | IP Range | Port Range | Remote Security Group |
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
| 392d81d6-5d73-4264-9bf5-f863211ee695 | None | IPv6 | ::/0 | | None |
| 3f1a18e3-fa5f-4ca3-8bc7-4ad420af2390 | None | IPv4 | 0.0.0.0/0 | | None |
| bd8402fd-9ac9-43d6-a6aa-3724280b6860 | tcp | IPv4 | 0.0.0.0/0 | 65535:65535 | None |
| f2813ea6-3c4d-4cc7-b55d-fdf1eaece617 | tcp | IPv4 | 0.0.0.0/0 | | None |
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
[root@controller ~]# openstack security group rule delete bd8402fd-9ac9-43d6-a6aa-3724280b6860