Creating and deleting security groups and rules in Neutron with the openstack command

Delete a security group:
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID                                   | Name    | Description            | Project                          | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 2b860c0d-9b0a-46cd-b045-97aa0e88f13a | default | Default security group | ac0c16aaf48e4846a5ebacbe43cea4f9 | []   |
| 9781e350-b8a7-4b90-8226-f9f63342523a | Long    |                        | ac0c16aaf48e4846a5ebacbe43cea4f9 | []   |
+--------------------------------------+---------+------------------------+----------------------------------+------+
[root@controller ~]# openstack security group delete 9781e350-b8a7-4b90-8226-f9f63342523a

View security groups:
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID                                   | Name    | Description            | Project                          | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 2b860c0d-9b0a-46cd-b045-97aa0e88f13a | default | Default security group | ac0c16aaf48e4846a5ebacbe43cea4f9 | []   |
+--------------------------------------+---------+------------------------+----------------------------------+------+
View security group rules:
[root@controller ~]# openstack security group rule list 2b860c0d-9b0a-46cd-b045-97aa0e88f13a
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| ID                                   | IP Protocol | Ethertype | IP Range  | Port Range | Remote Security Group                |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| 6842b3e8-36ac-43ca-a022-d60dca1f820a | None        | IPv6      | ::/0      |            | None                                 |
| 70472481-6269-4280-b6db-548740cea5a3 | None        | IPv4      | 0.0.0.0/0 |            | None                                 |
| c8fd6444-f381-4233-8ae2-67ef25e58094 | None        | IPv6      | ::/0      |            | 2b860c0d-9b0a-46cd-b045-97aa0e88f13a |
| fc01cd74-ee71-48f9-ba55-011fbc43cec8 | None        | IPv4      | 0.0.0.0/0 |            | 2b860c0d-9b0a-46cd-b045-97aa0e88f13a |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+

Create a security group:
[root@controller ~]# openstack security group create sshopen
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T12:56:50Z |
| description | sshopen |
| id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | sshopen |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| revision_number | 1 |
| rules | created_at='2021-03-27T12:56:51Z', direction='egress', ethertype='IPv6', id='392d81d6-5d73-4264-9bf5-f863211ee695', updated_at='2021-03-27T12:56:51Z' |
| | created_at='2021-03-27T12:56:50Z', direction='egress', ethertype='IPv4', id='3f1a18e3-fa5f-4ca3-8bc7-4ad420af2390', updated_at='2021-03-27T12:56:50Z' |
| stateful | True |
| tags | [] |
| updated_at | 2021-03-27T12:56:50Z |
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Create a security group rule (with no --dst-port, it allows TCP on every port from 0.0.0.0/0, as the port_range_min and port_range_max values of None in the output show):
[root@controller ~]# openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description ingress --ingress --ethertype IPv4 --protocol tcp --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T13:11:38Z |
| description | ingress |
| direction | ingress |
| ether_type | IPv4 |
| id | f2813ea6-3c4d-4cc7-b55d-fdf1eaece617 |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| tags | [] |
| updated_at | 2021-03-27T13:11:38Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Add a security group rule for port 22:
[root@controller ~]# openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description ingress --ingress --ethertype IPv4 --protocol tcp --dst-port 22 --dst-port 22 --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T13:28:31Z |
| description | ingress |
| direction | ingress |
| ether_type | IPv4 |
| id | 17f02f7e-049e-4671-908c-68a99470c3d4 |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| tags | [] |
| updated_at | 2021-03-27T13:28:31Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Add a TCP rule for ports 22-65535:
[root@controller ~]# openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description '22(ssh)' --ingress --ethertype IPv4 --protocol tcp --dst-port '22:65535' --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T14:01:00Z |
| description | 22(ssh) |
| direction | ingress |
| ether_type | IPv4 |
| id | 8f0a13ed-5c45-463e-9752-7fb98b4b8edc |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | None |
| port_range_max | 65535 |
| port_range_min | 22 |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| tags | [] |
| updated_at | 2021-03-27T14:01:00Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Delete a security group rule:
[root@controller ~]# openstack security group rule list fc44a781-c34c-4e42-ab63-cf0eb9bdc251
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
| ID                                   | IP Protocol | Ethertype | IP Range  | Port Range  | Remote Security Group |
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
| 392d81d6-5d73-4264-9bf5-f863211ee695 | None        | IPv6      | ::/0      |             | None                  |
| 3f1a18e3-fa5f-4ca3-8bc7-4ad420af2390 | None        | IPv4      | 0.0.0.0/0 |             | None                  |
| bd8402fd-9ac9-43d6-a6aa-3724280b6860 | tcp         | IPv4      | 0.0.0.0/0 | 65535:65535 | None                  |
| f2813ea6-3c4d-4cc7-b55d-fdf1eaece617 | tcp         | IPv4      | 0.0.0.0/0 |             | None                  |
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
[root@controller ~]# openstack security group rule delete bd8402fd-9ac9-43d6-a6aa-3724280b6860
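
The rules created above accept traffic from 0.0.0.0/0, so it helps to check which ingress rules in a group are open to every address. The script below is an added example, not part of the original post: it reads the table printed by `openstack security group rule list --ingress <group>` and reports each such rule with the number of ports it exposes. The function names and the sample table (with made-up rule IDs) are constructed for illustration.

```shell
#!/bin/sh
# Added example: read the table printed by
#   openstack security group rule list --ingress <group>
# on stdin and print "<rule id> <protocol> <ports>" for each rule open to any address.
flag_open_ingress() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*\+/ || NF < 3 { next }      # skip border and blank lines
        !seen_header {                      # map column names to field numbers
            for (i = 2; i < NF; i++) col[trim($i)] = i
            seen_header = 1
            next
        }
        {
            # If a Direction column is present (as with --long), skip egress rows.
            if (("Direction" in col) && trim($(col["Direction"])) == "egress") next
            cidr = trim($(col["IP Range"]))
            if (cidr != "0.0.0.0/0" && cidr != "::/0") next
            # A rule tied to a remote security group is not open to everyone.
            if (trim($(col["Remote Security Group"])) != "None") next
            ports = trim($(col["Port Range"]))
            if (ports == "") {
                exposed = "all"             # no port range: every port
            } else {
                split(ports, p, ":")
                exposed = p[2] - p[1] + 1   # "22:65535" -> 65514 ports
            }
            print trim($(col["ID"])), trim($(col["IP Protocol"])), exposed
        }'
}

# Constructed sample shaped like the rule list output (rule IDs are made up).
sample_table() {
    cat <<'EOF'
+---------+-------------+-----------+----------------+------------+-----------------------+
| ID      | IP Protocol | Ethertype | IP Range       | Port Range | Remote Security Group |
+---------+-------------+-----------+----------------+------------+-----------------------+
| rule-01 | tcp         | IPv4      | 0.0.0.0/0      |            | None                  |
| rule-02 | tcp         | IPv4      | 0.0.0.0/0      | 22:65535   | None                  |
| rule-03 | tcp         | IPv4      | 0.0.0.0/0      | 22:22      | None                  |
| rule-04 | tcp         | IPv4      | 203.0.113.0/24 | 22:22      | None                  |
| rule-05 | None        | IPv4      | 0.0.0.0/0      |            | sg-default            |
+---------+-------------+-----------+----------------+------------+-----------------------+
EOF
}

sample_table | flag_open_ingress
```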