forked from docs/doc-exports
Reviewed-by: gtema <artem.goncharov@gmail.com> Co-authored-by: Qin Ying, Fan <fanqinying@huawei.com> Co-committed-by: Qin Ying, Fan <fanqinying@huawei.com>
101 lines
13 KiB
HTML
<a name="qsg_0007"></a><a name="qsg_0007"></a>
<h1 class="topictitle1">Step 5: Add a Security Group Rule</h1>
<div id="body8662426"><div class="section" id="qsg_0007__en-us_topic_0118646266_en-us_topic_0118534005_s480ea51d8f2542828c323c6c8eb50861"><h4 class="sectiontitle">Scenarios</h4><p id="qsg_0007__en-us_topic_0118646266_en-us_topic_0118534005_p19783555101313">After you create a security group, you can add rules to the security group. A rule applies either to inbound traffic or outbound traffic. After you add cloud resources to the security group, they are protected by the rules of the group.</p>
<ul id="qsg_0007__en-us_topic_0118646266_en-us_topic_0118534005_ul1499818151265"><li id="qsg_0007__en-us_topic_0118646266_en-us_topic_0118534005_li169988152261">Inbound rules control incoming traffic to cloud resources in the security group.</li><li id="qsg_0007__en-us_topic_0118646266_en-us_topic_0118534005_li1399891572612">Outbound rules control outgoing traffic from cloud resources in the security group.</li></ul>
</div>
<div class="section" id="qsg_0007__en-us_topic_0118646266_en-us_topic_0118534005_section2999103814551"><h4 class="sectiontitle">Procedure</h4><ol id="qsg_0007__en-us_topic_0118534005_ol1527262085715"><li id="qsg_0007__en-us_topic_0118534005_li1827982595714">Log in to the management console.</li><li id="qsg_0007__en-us_topic_0118534005_li17604162711276">Click <span><img id="qsg_0007__en-us_topic_0118534005_en-us_topic_0118498823_image338921514480" src="en-us_image_0141273034.png"></span> in the upper left corner and select the desired region and project.</li><li id="qsg_0007__en-us_topic_0118534005_li1728112545719">On the console homepage, under <strong id="qsg_0007__en-us_topic_0118534005_b19602181615913"><span id="qsg_0007__en-us_topic_0118534005_text1867062973610">Network</span><span id="qsg_0007__en-us_topic_0118534005_text83218315361"></span></strong>, click <strong id="qsg_0007__en-us_topic_0118534005_b9602616165919">Virtual Private Cloud</strong>.</li><li id="qsg_0007__en-us_topic_0118534005_li15281162517570">In the navigation pane on the left, choose <strong id="qsg_0007__en-us_topic_0118534005_b1970111818465">Access Control</strong> > <strong id="qsg_0007__en-us_topic_0118534005_b134879352517">Security Groups</strong>.</li><li id="qsg_0007__en-us_topic_0118534005_li286122917579">On the <strong id="qsg_0007__en-us_topic_0118534005_b842352706154919">Security Groups</strong> page, locate the target security group and click <strong id="qsg_0007__en-us_topic_0118534005_b842352706155435">Manage Rule</strong> in the <strong id="qsg_0007__en-us_topic_0118534005_b842352706155450">Operation</strong> column to switch to the page for managing inbound and outbound rules.</li><li id="qsg_0007__en-us_topic_0118534005_li1063572655813">On the <strong id="qsg_0007__b551684851817">Inbound Rules</strong> tab, click <strong id="qsg_0007__b15201148141819">Add Rule</strong>. 
In the displayed dialog box, set required parameters.<p id="qsg_0007__en-us_topic_0118534005_p10544530320">You can click <strong id="qsg_0007__en-us_topic_0118534005_b84235270617413">+</strong> to add more inbound rules.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="qsg_0007__en-us_topic_0118534005_table111445216564" width="90%" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Inbound rule parameter description</caption><thead align="left"><tr id="qsg_0007__en-us_topic_0118534005_row1811565205613"><th align="left" class="cellrowborder" valign="top" width="12.7%" id="mcps1.3.2.2.6.4.2.4.1.1"><p id="qsg_0007__en-us_topic_0118534005_p51151452125620"><strong id="qsg_0007__b919085682311">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="69.3%" id="mcps1.3.2.2.6.4.2.4.1.2"><p id="qsg_0007__en-us_topic_0118534005_p5115552175613"><strong id="qsg_0007__b686255612236">Description</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18%" id="mcps1.3.2.2.6.4.2.4.1.3"><p id="qsg_0007__en-us_topic_0118534005_p711565219563"><strong id="qsg_0007__b151855718235">Example Value</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="qsg_0007__en-us_topic_0118534005_row9115105219562"><td class="cellrowborder" rowspan="2" valign="top" width="12.7%" headers="mcps1.3.2.2.6.4.2.4.1.1 "><p id="qsg_0007__en-us_topic_0118534005_p151157525565">Protocol & Port</p>
<p id="qsg_0007__en-us_topic_0118534005_p3510193211510"></p>
</td>
<td class="cellrowborder" valign="top" width="69.3%" headers="mcps1.3.2.2.6.4.2.4.1.2 "><p id="qsg_0007__p1146312543"><strong id="qsg_0007__en-us_topic_0118534005_b1939852442315">Protocol</strong>: The network protocol. Currently, the value can be <strong id="qsg_0007__en-us_topic_0118534005_b1147406450">All</strong>, <strong id="qsg_0007__en-us_topic_0118534005_b477156881">TCP</strong>, <strong id="qsg_0007__en-us_topic_0118534005_b142440196">UDP</strong>, <strong id="qsg_0007__en-us_topic_0118534005_b1379225986">ICMP</strong>, <strong id="qsg_0007__en-us_topic_0118534005_b1340698853">GRE</strong>, or others.</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.2.6.4.2.4.1.3 "><p id="qsg_0007__en-us_topic_0118534005_p193908441914">Custom TCP</p>
</td>
</tr>
<tr id="qsg_0007__en-us_topic_0118534005_row6510532121511"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.6.4.2.4.1.1 "><p id="qsg_0007__p1465816448259"><strong id="qsg_0007__en-us_topic_0118534005_b134441812558">Port</strong>: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. </p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.6.4.2.4.1.2 "><p id="qsg_0007__en-us_topic_0118534005_p1551023251511">22, or 22-30</p>
</td>
</tr>
<tr id="qsg_0007__en-us_topic_0118534005_row511615528561"><td class="cellrowborder" valign="top" width="12.7%" headers="mcps1.3.2.2.6.4.2.4.1.1 "><p id="qsg_0007__en-us_topic_0118534005_p86899991813">Source</p>
</td>
<td class="cellrowborder" valign="top" width="69.3%" headers="mcps1.3.2.2.6.4.2.4.1.2 "><div class="p" id="qsg_0007__p1622184514267">The source of the security group rule. The value can be a single IP address or a security group to allow access from the IP address or instances in the security group. For example:<ul id="qsg_0007__en-us_topic_0118534005_ul12116352195619"><li id="qsg_0007__en-us_topic_0118534005_li18391357452">xxx.xxx.xxx.xxx/32 (IPv4 address)</li><li id="qsg_0007__en-us_topic_0118534005_li6529544124510">xxx.xxx.xxx.0/24 (IPv4 address range)</li><li id="qsg_0007__en-us_topic_0118534005_li06004484454">0.0.0.0/0 (all IPv4 addresses)</li><li id="qsg_0007__en-us_topic_0118534005_li1611612527567">sg-abc (security group)</li></ul>
</div>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.2.6.4.2.4.1.3 "><p id="qsg_0007__en-us_topic_0118534005_p611613524569">0.0.0.0/0</p>
</td>
</tr>
<tr id="qsg_0007__en-us_topic_0118534005_row111615525565"><td class="cellrowborder" valign="top" width="12.7%" headers="mcps1.3.2.2.6.4.2.4.1.1 "><p id="qsg_0007__en-us_topic_0118534005_p1711655217565">Description</p>
</td>
<td class="cellrowborder" valign="top" width="69.3%" headers="mcps1.3.2.2.6.4.2.4.1.2 "><p id="qsg_0007__p15581050104410">Supplementary information about the security group rule. This parameter is optional.</p>
<p id="qsg_0007__p12581350124410">The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (&lt; or &gt;).</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.2.6.4.2.4.1.3 "><p id="qsg_0007__en-us_topic_0118534005_p3116115216568">-</p>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="qsg_0007__en-us_topic_0118534005_li111149545115">On the <strong id="qsg_0007__b048254932716">Outbound Rules</strong> tab, click <strong id="qsg_0007__b1488184914278">Add Rule</strong>. In the displayed dialog box, set required parameters.<p id="qsg_0007__en-us_topic_0118534005_p161151454111115">You can click <strong id="qsg_0007__en-us_topic_0118534005_b842352706174116">+</strong> to add more outbound rules.</p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="qsg_0007__en-us_topic_0118534005_table0614192319232" width="90%" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Outbound rule parameter description</caption><thead align="left"><tr id="qsg_0007__en-us_topic_0118534005_row19614623202312"><th align="left" class="cellrowborder" valign="top" width="12.55%" id="mcps1.3.2.2.7.4.2.4.1.1"><p id="qsg_0007__en-us_topic_0118534005_p361592319230"><strong id="qsg_0007__b882253418290">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="69.45%" id="mcps1.3.2.2.7.4.2.4.1.2"><p id="qsg_0007__en-us_topic_0118534005_p1961514231232"><strong id="qsg_0007__b148275353294">Description</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18%" id="mcps1.3.2.2.7.4.2.4.1.3"><p id="qsg_0007__en-us_topic_0118534005_p1061552372311"><strong id="qsg_0007__b133401538192919">Example Value</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="qsg_0007__en-us_topic_0118534005_row76161523132311"><td class="cellrowborder" rowspan="2" valign="top" width="12.55%" headers="mcps1.3.2.2.7.4.2.4.1.1 "><p id="qsg_0007__en-us_topic_0118534005_p1761652313238">Protocol & Port</p>
<p id="qsg_0007__en-us_topic_0118534005_p4616323182310"></p>
</td>
<td class="cellrowborder" valign="top" width="69.45%" headers="mcps1.3.2.2.7.4.2.4.1.2 "><p id="qsg_0007__p51231113483"><strong id="qsg_0007__en-us_topic_0118534005_b114706499477">Protocol</strong>: The network protocol. Currently, the value can be <strong id="qsg_0007__en-us_topic_0118534005_b1702754545">All</strong>, <strong id="qsg_0007__en-us_topic_0118534005_b644228391">TCP</strong>, <strong id="qsg_0007__en-us_topic_0118534005_b459875901">UDP</strong>, <strong id="qsg_0007__en-us_topic_0118534005_b1038361900">ICMP</strong>, <strong id="qsg_0007__en-us_topic_0118534005_b1105987546">GRE</strong>, or others.</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.2.7.4.2.4.1.3 "><p id="qsg_0007__en-us_topic_0118534005_p157082238193">Custom TCP</p>
</td>
</tr>
<tr id="qsg_0007__en-us_topic_0118534005_row5616723112313"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.7.4.2.4.1.1 "><p id="qsg_0007__p1059311444810"><strong id="qsg_0007__en-us_topic_0118534005_b942314575568">Port</strong>: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. </p>
</td>
<td class="cellrowborder" valign="top" headers="mcps1.3.2.2.7.4.2.4.1.2 "><p id="qsg_0007__en-us_topic_0118534005_p12616182311235">22, or 22-30</p>
</td>
</tr>
<tr id="qsg_0007__en-us_topic_0118534005_row2617112315232"><td class="cellrowborder" valign="top" width="12.55%" headers="mcps1.3.2.2.7.4.2.4.1.1 "><p id="qsg_0007__en-us_topic_0118534005_p15617623172315">Destination</p>
</td>
<td class="cellrowborder" valign="top" width="69.45%" headers="mcps1.3.2.2.7.4.2.4.1.2 "><div class="p" id="qsg_0007__p19953242144716">The destination of the security group rule. The value can be a single IP address or a security group to allow access to the IP address or instances in the security group. For example:<ul id="qsg_0007__en-us_topic_0118534005_ul16177237233"><li id="qsg_0007__en-us_topic_0118534005_li8617323202310">xxx.xxx.xxx.xxx/32 (IPv4 address)</li><li id="qsg_0007__en-us_topic_0118534005_li10617152312231">xxx.xxx.xxx.0/24 (IPv4 address range)</li><li id="qsg_0007__en-us_topic_0118534005_li206171823182318">0.0.0.0/0 (all IPv4 addresses)</li><li id="qsg_0007__en-us_topic_0118534005_li6930529354">sg-abc (security group)</li></ul>
</div>
<p id="qsg_0007__p19541742134718">For more information, see <em id="qsg_0007__i13232198133110">Virtual Private Cloud User Guide</em>.</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.2.7.4.2.4.1.3 "><p id="qsg_0007__en-us_topic_0118534005_p4617102352310">0.0.0.0/0</p>
</td>
</tr>
<tr id="qsg_0007__en-us_topic_0118534005_row196181723162317"><td class="cellrowborder" valign="top" width="12.55%" headers="mcps1.3.2.2.7.4.2.4.1.1 "><p id="qsg_0007__en-us_topic_0118534005_p2061811237237">Description</p>
</td>
<td class="cellrowborder" valign="top" width="69.45%" headers="mcps1.3.2.2.7.4.2.4.1.2 "><p id="qsg_0007__p123911914114519">Supplementary information about the security group rule. This parameter is optional.</p>
<p id="qsg_0007__p16392314184512">The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (&lt; or &gt;).</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.2.7.4.2.4.1.3 "><p id="qsg_0007__en-us_topic_0118534005_p20618623202311">-</p>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="qsg_0007__en-us_topic_0118534005_li119223164159">Click <strong id="qsg_0007__b8450141519313">OK</strong>.</li></ol>
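<p>Added example (not part of the original guide or the platform's own tooling): a Python check that validates rule definitions against the constraints in Table 1 and Table 2 before they are entered in the console, and lists inbound rules whose source is 0.0.0.0/0 for review. The rule dictionary layout, the function names, the <code>sg-</code> prefix test (taken from the page's <code>sg-abc</code> placeholder), and the review policy for 0.0.0.0/0 are assumptions.</p>

```python
import ipaddress

MAX_DESCRIPTION = 255  # limit stated in Table 1 and Table 2

# Constructed sample rules; "peer" is Source (inbound) or Destination (outbound).
SAMPLE_RULES = [
    {"direction": "inbound", "port": "22", "peer": "0.0.0.0/0"},
    {"direction": "inbound", "port": "22-30", "peer": "192.0.2.0/24"},
    {"direction": "outbound", "port": "443", "peer": "0.0.0.0/0"},
    {"direction": "inbound", "port": "30-22", "peer": "sg-abc",
     "description": "ssh <temp>"},
]


def parse_ports(spec):
    """Parse '22' or '22-30' into (low, high); raise ValueError if invalid."""
    low, sep, high = spec.strip().partition("-")
    lo = int(low)
    hi = int(high) if sep else lo
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"port {spec!r} is outside 1-65535 or reversed")
    return lo, hi


def check_rule(rule):
    """Return the findings for one rule dict; an empty list means clean."""
    findings = []
    try:
        parse_ports(rule["port"])
    except ValueError as exc:
        findings.append(f"invalid port: {exc}")
    peer = rule["peer"]
    if not peer.startswith("sg-"):  # assumption: group IDs look like 'sg-abc'
        try:
            net = ipaddress.ip_network(peer, strict=False)
        except ValueError:
            findings.append(f"invalid address or range: {peer!r}")
        else:
            # Review policy added here, not a platform constraint.
            if rule["direction"] == "inbound" and net.prefixlen == 0:
                findings.append(f"inbound rule open to all addresses: {peer}")
    desc = rule.get("description", "")
    if len(desc) > MAX_DESCRIPTION or "<" in desc or ">" in desc:
        findings.append("description exceeds 255 characters or contains < or >")
    return findings


def audit(rules):
    return {i: f for i, r in enumerate(rules) if (f := check_rule(r))}
```

<p>Calling <code>audit(SAMPLE_RULES)</code> returns findings only for the rules that need attention, keyed by their position in the list.</p>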
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="qsg_0001.html">Quick Start</a></div>
</div>
</div>