Reviewed-by: Pristromskaia, Margarita <margarita.pristromskaia@t-systems.com> Co-authored-by: wanghuijuan738 <wanghuijuan738@huawei.com> Co-committed-by: wanghuijuan738 <wanghuijuan738@huawei.com>
<a name="EN-US_TOPIC_0030878383"></a><a name="EN-US_TOPIC_0030878383"></a>
<h1 class="topictitle1">Configuring Security Group Rules</h1>
<div id="body8662426"><div class="section" id="EN-US_TOPIC_0030878383__en-us_topic_0029320966_section35030493215147"><h4 class="sectiontitle">Scenarios</h4><p id="EN-US_TOPIC_0030878383__p119194618131">Similar to a firewall, a security group is a logical group used to control network access. You can define access rules for a security group to protect the <span id="EN-US_TOPIC_0030878383__text717845182318">ECS</span>s that are added to this security group.</p>
<ul id="EN-US_TOPIC_0030878383__ul1499818151265"><li id="EN-US_TOPIC_0030878383__li169988152261">Inbound: Inbound rules allow external network traffic to be sent to the <span id="EN-US_TOPIC_0030878383__text6334450160">ECS</span>s in the security group.</li><li id="EN-US_TOPIC_0030878383__li1399891572612">Outbound: Outbound rules allow network traffic from the <span id="EN-US_TOPIC_0030878383__text16112155519169">ECS</span>s in the security group to be sent out of the security group.</li></ul>
<p id="EN-US_TOPIC_0030878383__p91319310819">For details about the default security group rules, see <em id="EN-US_TOPIC_0030878383__i842352697143119">Virtual Private Cloud User Guide</em>. For details about configuration examples for security group rules, see <a href="en-us_topic_0140323152.html">Security Group Configuration Examples</a>.</p>
</div>
<div class="section" id="EN-US_TOPIC_0030878383__en-us_topic_0029320966_section40712064223843"><h4 class="sectiontitle">Procedure</h4><ol id="EN-US_TOPIC_0030878383__en-us_topic_0029320966_ol291224422402"><li id="EN-US_TOPIC_0030878383__li219527171617">Log in to the management console.</li><li id="EN-US_TOPIC_0030878383__li464234814566">Click <span><img id="EN-US_TOPIC_0030878383__en-us_topic_0000001825604541_image9499446838" src="en-us_image_0000002188678994.png"></span> in the upper left corner and select a region and project.</li><li id="EN-US_TOPIC_0030878383__en-us_topic_0029320966_li50026016224047">Under <strong id="EN-US_TOPIC_0030878383__b10765121019226"><span id="EN-US_TOPIC_0030878383__text177659107229">Computing</span></strong>, click <strong id="EN-US_TOPIC_0030878383__b77651910162212">Elastic Cloud Server</strong>.</li><li id="EN-US_TOPIC_0030878383__li34401539214315">On the <strong id="EN-US_TOPIC_0030878383__b9251123218404">Elastic Cloud Server</strong> page, click the name of the target <span id="EN-US_TOPIC_0030878383__text10144144802310">ECS</span>.<p id="EN-US_TOPIC_0030878383__p19982029214319">The <span id="EN-US_TOPIC_0030878383__text851815961111">ECS</span> details page is displayed.</p>
</li><li id="EN-US_TOPIC_0030878383__li45534692214355">Click the <strong id="EN-US_TOPIC_0030878383__b8423527069595">Security Groups</strong> tab, expand the information of the security group, and view security group rules.</li><li id="EN-US_TOPIC_0030878383__li2997365821442">Click the security group ID.<p id="EN-US_TOPIC_0030878383__p5857465521443"><a name="EN-US_TOPIC_0030878383__li2997365821442"></a><a name="li2997365821442"></a>The system automatically switches to the security group details page.</p>
</li><li id="EN-US_TOPIC_0030878383__li17484122410232">On the <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b2415741194114">Inbound Rules</strong> tab, click <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b10415541124113">Add Rule</strong>.<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p1442168204914">The <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b842352706101549">Add Inbound Rule</strong> dialog box is displayed.</p>
</li><li id="EN-US_TOPIC_0030878383__li795013166306">Configure required parameters.<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p10544530320"><a name="EN-US_TOPIC_0030878383__li795013166306"></a><a name="li795013166306"></a>You can click <strong id="EN-US_TOPIC_0030878383__b21273818145">+</strong> to add more inbound rules.</p>
<div class="fignone" id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_fig1786518124129"><span class="figcap"><b>Figure 1 </b>Adding inbound rules</span><br><span><img id="EN-US_TOPIC_0030878383__image42921342115516" src="en-us_image_0000002385340709.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_table111445216564" width="90%" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Inbound rule parameter description</caption><thead align="left"><tr id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_row939234412443"><th align="left" class="cellrowborder" valign="top" width="12.67%" id="mcps1.3.2.2.8.3.2.4.1.1"><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p18392194484413"><strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b583091102">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="69.33%" id="mcps1.3.2.2.8.3.2.4.1.2"><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p1639234444413"><strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b703828526">Description</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18%" id="mcps1.3.2.2.8.3.2.4.1.3"><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p1739294416447"><strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b620037618">Example Value</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_row14392174419445"><td class="cellrowborder" valign="top" width="12.67%" headers="mcps1.3.2.2.8.3.2.4.1.1 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p539213442445">Priority</p>
</td>
<td class="cellrowborder" valign="top" width="69.33%" headers="mcps1.3.2.2.8.3.2.4.1.2 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p20392144415441">The security group rule priority.</p>
<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p15392174410444">The priority value ranges from 1 to 100. The default value is 1, which has the highest priority. The security group rule with a smaller value has a higher priority.</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.2.8.3.2.4.1.3 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p173921044104415">1</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_row10392124412442"><td class="cellrowborder" valign="top" width="12.67%" headers="mcps1.3.2.2.8.3.2.4.1.1 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p103923441441">Action</p>
</td>
<td class="cellrowborder" valign="top" width="69.33%" headers="mcps1.3.2.2.8.3.2.4.1.2 "><div class="p" id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p123921244154413">The value can be <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b1522795213421">Allow</strong> or <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b922865264219">Deny</strong>.<ul id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_ul173921244154419"><li id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li133928447440">If the <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b1659056719">Action</strong> is set to <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b2142647034">Allow</strong>, traffic is allowed to access the cloud servers in the security group over the specified ports.</li><li id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li1439264484414">If the <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b1142394704416">Action</strong> is set to <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b13423164734419">Deny</strong>, traffic is denied access to the cloud servers in the security group over the specified ports.</li></ul>
</div>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.2.8.3.2.4.1.3 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p1239244454416">Allow</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_row2039215444442"><td class="cellrowborder" valign="top" width="12.67%" headers="mcps1.3.2.2.8.3.2.4.1.1 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p1739213441444">Type</p>
</td>
<td class="cellrowborder" valign="top" width="69.33%" headers="mcps1.3.2.2.8.3.2.4.1.2 "><div class="p" id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p2392134424415">Source IP address version. You can select:<ul id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_ul53921344114419"><li id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li163926444449"><strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b872152918466">IPv4</strong></li><li id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li6392164474416"><strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b341813144616">IPv6</strong></li></ul>
</div>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.2.8.3.2.4.1.3 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p539204412449">IPv4</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_row133928449443"><td class="cellrowborder" valign="top" width="12.67%" headers="mcps1.3.2.2.8.3.2.4.1.1 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p17593124290">Protocol &amp; Port</p>
</td>
<td class="cellrowborder" valign="top" width="69.33%" headers="mcps1.3.2.2.8.3.2.4.1.2 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p158701658142018">The network protocol and port used to match traffic in a security group rule.</p>
<ul id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_ul1090172341912"><li id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li159012311196">The network protocol used to match traffic in a security group rule.<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p0411118121915"><a name="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li159012311196"></a><a name="en-us_topic_0000001865662329_li159012311196"></a>Currently, the value can be <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b158632039175720">All</strong>, <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b148632394578">TCP</strong>, <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b108631139175712">UDP</strong>, <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b128631398576">GRE</strong>, <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b5863123920570">ICMP</strong>, or more.</p>
</li></ul>
<ul id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_ul476152618196"><li id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li1777192613197">The port used to match traffic in a security group rule.<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p956614182484"><a name="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li1777192613197"></a><a name="en-us_topic_0000001865662329_li1777192613197"></a>The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535.</p>
</li></ul>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.2.8.3.2.4.1.3 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p2616162014">Protocol: TCP</p>
<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p63930445443">Port: 22, 22-30</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_row15393194404419"><td class="cellrowborder" valign="top" width="12.67%" headers="mcps1.3.2.2.8.3.2.4.1.1 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p13393194474411">Source</p>
</td>
<td class="cellrowborder" valign="top" width="69.33%" headers="mcps1.3.2.2.8.3.2.4.1.2 "><div class="p" id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p1639364464420">Used to match the IP address or address range of an external request. The source can be:<ul id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_ul203934448442"><li id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li139304415443"><strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b184681775221">IP address</strong>: <ul id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_ul203931144154410"><li id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li439374416446">A single IP address: IP address/mask<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p11393944194417"><a name="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li439374416446"></a><a name="en-us_topic_0000001865662329_li439374416446"></a>Example IPv4 address: 192.168.10.10/32</p>
<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p33931844104412">Example IPv6 address: 2002:50::44/128</p>
</li><li id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li539311445444">IP address range in CIDR notation: IP address/mask<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p739319446449"><a name="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li539311445444"></a><a name="en-us_topic_0000001865662329_li539311445444"></a>Example IPv4 address range: 192.168.52.0/24</p>
<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p1139320444447">Example IPv6 address range: 2407:c080:802:469::/64</p>
</li><li id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li4393184411443">All IP addresses<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p4393114414444"><a name="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li4393184411443"></a><a name="en-us_topic_0000001865662329_li4393184411443"></a>0.0.0.0/0 represents all IPv4 addresses.</p>
<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p43931244154411">::/0 represents all IPv6 addresses.</p>
</li></ul>
</li><li id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li439304412448"><strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b10231339172319">Security group</strong>: The source is another security group. You can select a security group in the same region from the drop-down list. If there is instance A in security group A and instance B in security group B, and the inbound rule of security group A allows traffic from security group B, traffic is allowed from instance B to instance A.</li><li id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li0393194415446"><strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b1449691308">IP address group</strong>: An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with the same security requirements in a simpler way.</li></ul>
</div>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.2.8.3.2.4.1.3 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p133931944134411">IP address</p>
<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p673734454417">192.168.52.0/24,10.0.0.0/24</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_row63931044124411"><td class="cellrowborder" valign="top" width="12.67%" headers="mcps1.3.2.2.8.3.2.4.1.1 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p83931944154418">Description</p>
</td>
<td class="cellrowborder" valign="top" width="69.33%" headers="mcps1.3.2.2.8.3.2.4.1.2 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p19393124424414">Supplementary information about the security group rule. This parameter is optional.</p>
<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p173931244154414">The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (&lt; or &gt;).</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.2.8.3.2.4.1.3 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p1839344410440">-</p>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="EN-US_TOPIC_0030878383__li102852051142511">Click <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b1767252314541">OK</strong>.<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p58147211519">The inbound rule list is displayed.</p>
</li><li id="EN-US_TOPIC_0030878383__li1785792132718">On the <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b13724733155411">Outbound Rules</strong> tab, click <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b872414332543">Add Rule</strong>.<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p1964712134312">The <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b2331161125617">Add Outbound Rule</strong> dialog box is displayed.</p>
</li><li id="EN-US_TOPIC_0030878383__li9367915133218">Configure required parameters.<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p161151454111115"><a name="EN-US_TOPIC_0030878383__li9367915133218"></a><a name="li9367915133218"></a>You can click <strong id="EN-US_TOPIC_0030878383__b4882431224550">+</strong> to add more outbound rules.</p>
<div class="fignone" id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_fig11809848184019"><span class="figcap"><b>Figure 2 </b>Adding outbound rules</span><br><span><img id="EN-US_TOPIC_0030878383__image1150815492586" src="en-us_image_0000002385382577.png" title="Click to enlarge" class="imgResize"></span></div>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_table0614192319232" width="90%" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Outbound rule parameter description</caption><thead align="left"><tr id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_row19614623202312"><th align="left" class="cellrowborder" valign="top" width="12.55%" id="mcps1.3.2.2.11.3.2.4.1.1"><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p361592319230"><strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b977522780">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="69.45%" id="mcps1.3.2.2.11.3.2.4.1.2"><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p1961514231232"><strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b1520922469">Description</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18%" id="mcps1.3.2.2.11.3.2.4.1.3"><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p1061552372311"><strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b78071625745">Example Value</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_row176159232238"><td class="cellrowborder" valign="top" width="12.55%" headers="mcps1.3.2.2.11.3.2.4.1.1 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p461592313236">Priority</p>
</td>
<td class="cellrowborder" valign="top" width="69.45%" headers="mcps1.3.2.2.11.3.2.4.1.2 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p050041314189">The security group rule priority.</p>
<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p206155235231">The priority value ranges from 1 to 100. The default value is 1, which has the highest priority. The security group rule with a smaller value has a higher priority.</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.2.11.3.2.4.1.3 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p1361515237237">1</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_row96151423132318"><td class="cellrowborder" valign="top" width="12.55%" headers="mcps1.3.2.2.11.3.2.4.1.1 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p186151423182317">Action</p>
</td>
<td class="cellrowborder" valign="top" width="69.45%" headers="mcps1.3.2.2.11.3.2.4.1.2 "><div class="p" id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p5573123511176">Allow or Deny<ul id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_ul1357316358171"><li id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li12573935151710">If the <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b152118268116">Action</strong> is set to <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b1521142621113">Allow</strong>, access from ECSs in the security group is allowed to the destination over specified ports.</li><li id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li3131196111919">If the <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b14355162381213">Action</strong> is set to <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b14356182313123">Deny</strong>, access from ECSs in the security group is denied to the destination over specified ports.</li></ul>
</div>
<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p0306172810410">Deny rules take precedence over allow rules of the same priority.</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.2.11.3.2.4.1.3 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p196161230233">Allow</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_row5616723112313"><td class="cellrowborder" valign="top" width="12.55%" headers="mcps1.3.2.2.11.3.2.4.1.1 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p1989811410261">Protocol &amp; Port</p>
</td>
<td class="cellrowborder" valign="top" width="69.45%" headers="mcps1.3.2.2.11.3.2.4.1.2 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p189181317173319">The network protocol and port used to match traffic in a security group rule.</p>
<ul id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_ul027691283216"><li id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li22761212103215">The network protocol used to match traffic in a security group rule.<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p3613392322"><a name="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li22761212103215"></a><a name="en-us_topic_0000001865662329_li22761212103215"></a>Currently, the value can be <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b67445445718">All</strong>, <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b12741354135712">TCP</strong>, <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b1774155411574">UDP</strong>, <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b97417545576">GRE</strong>, <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b1174155465718">ICMP</strong>, or more.</p>
</li><li id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li1479431651515">The port or port range over which traffic can leave your ECS. The value can be from 1 to 65535.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.2.11.3.2.4.1.3 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p1023722712338">Protocol: TCP</p>
<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p12616182311235">Port: 22, 22-30</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_row376117357485"><td class="cellrowborder" valign="top" width="12.55%" headers="mcps1.3.2.2.11.3.2.4.1.1 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p13474113764814">Type</p>
</td>
<td class="cellrowborder" valign="top" width="69.45%" headers="mcps1.3.2.2.11.3.2.4.1.2 "><div class="p" id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p841920163117">Source IP address version. You can select:<ul id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_ul12419201617115"><li id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li114198165111"><strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b9987229184612">IPv4</strong></li><li id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li9419191619118"><strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b593712317469">IPv6</strong></li></ul>
</div>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.2.11.3.2.4.1.3 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p1647423715486">IPv4</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_row15702123318456"><td class="cellrowborder" valign="top" width="12.55%" headers="mcps1.3.2.2.11.3.2.4.1.1 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p2898143184510">Destination</p>
</td>
<td class="cellrowborder" valign="top" width="69.45%" headers="mcps1.3.2.2.11.3.2.4.1.2 "><div class="p" id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p12898164384513">The destination in an outbound rule is used to match the IP address or address range of an internal request. The destination can be:<ul id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_ul16898144344515"><li id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li189874334519"><strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b2043621020199">IP address</strong>: <ul id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_ul178981243184520"><li id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_en-us_topic_0118534005_li17585199418">Single IP address: IP address/mask<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_en-us_topic_0118534005_p152281816144113"><a name="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_en-us_topic_0118534005_li17585199418"></a><a name="en-us_topic_0000001865662329_en-us_topic_0118534005_li17585199418"></a>Example IPv4 address: 192.168.10.10/32</p>
<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_en-us_topic_0118534005_p1415851120418">Example IPv6 address: 2002:50::44/128</p>
</li><li id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_en-us_topic_0118534005_li18539142084119">IP address range in CIDR notation: IP address/mask<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_en-us_topic_0118534005_p18460438204116"><a name="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_en-us_topic_0118534005_li18539142084119"></a><a name="en-us_topic_0000001865662329_en-us_topic_0118534005_li18539142084119"></a>Example IPv4 address range: 192.168.52.0/24</p>
<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_en-us_topic_0118534005_p1677313615411">Example IPv6 address range: 2407:c080:802:469::/64</p>
</li><li id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_en-us_topic_0118534005_li06725421419">All IP addresses<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_en-us_topic_0118534005_p16868743104112"><a name="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_en-us_topic_0118534005_li06725421419"></a><a name="en-us_topic_0000001865662329_en-us_topic_0118534005_li06725421419"></a>0.0.0.0/0 represents all IPv4 addresses.</p>
<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_en-us_topic_0118534005_p102143157544">::/0 represents all IPv6 addresses.</p>
</li></ul>
</li><li id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li8898164344512"><strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b122376283198">Security group</strong>: The destination is another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an outbound rule with <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b185236406198">Action</strong> set to <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b1252318404194">Allow</strong> and <strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b1524540181916">Destination</strong> set to security group B, access from instance A is allowed to instance B.</li><li id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_li18898543134513"><strong id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_b1562712382010">IP address group</strong>: An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with the same security requirements in a simpler way.</li></ul>
</div>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.2.11.3.2.4.1.3 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p5898443194515">IP address: 0.0.0.0/0</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_row196181723162317"><td class="cellrowborder" valign="top" width="12.55%" headers="mcps1.3.2.2.11.3.2.4.1.1 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p2061811237237">Description</p>
</td>
<td class="cellrowborder" valign="top" width="69.45%" headers="mcps1.3.2.2.11.3.2.4.1.2 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p0618182392312">Supplementary information about the security group rule. This parameter is optional.</p>
<p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p16618823192317">The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (&lt; or &gt;).</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.2.2.11.3.2.4.1.3 "><p id="EN-US_TOPIC_0030878383__en-us_topic_0000001865662329_p20618623202311">N/A</p>
</td>
</tr>
</tbody>
</table>
</div>
</li><li id="EN-US_TOPIC_0030878383__en-us_topic_0029320966_li4993084123250">Click <strong id="EN-US_TOPIC_0030878383__b8423527061928">OK</strong> to complete the security rule configuration.</li></ol>
</div>
</div>
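<p>The parameter limits in Table 1 and Table 2 and the priority rule they state, written out as a small checker. This is an added example, not code from the original page or from the cloud platform: the names <code>Rule</code>, <code>validate</code>, <code>evaluate</code> and <code>open_to_all</code> are hypothetical, the sample rules are constructed, and the evaluation model is an assumption (among the rules that match, those with the smallest priority value decide, and a deny among them wins).</p>

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:                      # hypothetical model of one row in the Add Rule dialog
    priority: int                # 1-100; a smaller value means a higher priority
    action: str                  # "allow" or "deny"
    protocol: str                # "all", "tcp", "udp", "gre" or "icmp"
    ports: str                   # e.g. "22, 22-30"; only used for tcp/udp
    source: str                  # IP address/mask, e.g. "192.168.52.0/24" or "::/0"
    description: str = ""


def parse_ports(spec):
    """Turn "22, 22-30" into [(22, 22), (22, 30)]; ports must lie in 1-65535."""
    ranges = []
    for part in spec.split(","):
        lo, sep, hi = part.strip().partition("-")
        lo_n, hi_n = int(lo), int(hi if sep else lo)
        if not 1 <= lo_n <= hi_n <= 65535:
            raise ValueError(f"port range out of bounds: {part.strip()}")
        ranges.append((lo_n, hi_n))
    return ranges


def validate(rule):
    """Return a list of problems found against the limits in Tables 1 and 2."""
    problems = []
    if not 1 <= rule.priority <= 100:
        problems.append("priority must be between 1 and 100")
    if rule.action not in ("allow", "deny"):
        problems.append("action must be allow or deny")
    try:
        ipaddress.ip_network(rule.source, strict=False)
    except ValueError:
        problems.append(f"not an IP address/mask value: {rule.source}")
    if rule.protocol in ("tcp", "udp"):
        try:
            parse_ports(rule.ports)
        except ValueError as exc:
            problems.append(f"ports: {exc}")
    if len(rule.description) > 255 or set("<>") & set(rule.description):
        problems.append("description: max 255 characters, no angle brackets")
    return problems


def matches(rule, src_ip, protocol, port):
    """True if the rule's source, protocol and port all cover the traffic."""
    net = ipaddress.ip_network(rule.source, strict=False)
    addr = ipaddress.ip_address(src_ip)
    if addr.version != net.version or addr not in net:
        return False             # 0.0.0.0/0 never matches IPv6, ::/0 never matches IPv4
    if rule.protocol == "all":
        return True
    if rule.protocol != protocol:
        return False
    if protocol in ("tcp", "udp"):
        return port is not None and any(
            lo <= port <= hi for lo, hi in parse_ports(rule.ports))
    return True


def evaluate(rules, src_ip, protocol, port=None):
    """Assumed model: the matching rules with the smallest priority value decide,
    and a deny among them wins. Returns "allow", "deny" or "no-match"."""
    hits = [r for r in rules if matches(r, src_ip, protocol, port)]
    if not hits:
        return "no-match"
    top = min(r.priority for r in hits)
    denied = any(r.action == "deny" for r in hits if r.priority == top)
    return "deny" if denied else "allow"


def open_to_all(rules):
    """Allow rules whose source is 0.0.0.0/0 or ::/0, listed for review."""
    return [r for r in rules if r.action == "allow"
            and ipaddress.ip_network(r.source, strict=False).prefixlen == 0]


# Constructed sample inbound rules (not taken from any real security group).
RULES = [
    Rule(1, "allow", "tcp", "22, 22-30", "192.168.52.0/24", "SSH from admin subnet"),
    Rule(1, "deny", "tcp", "22", "192.168.52.99/32", "one host blocked"),
    Rule(10, "deny", "all", "", "10.0.0.0/24"),
    Rule(20, "allow", "tcp", "80", "10.0.0.0/24", "shadowed by the priority 10 deny"),
    Rule(50, "allow", "tcp", "443", "0.0.0.0/0", "HTTPS, IPv4 only"),
]

if __name__ == "__main__":
    for probe in [("192.168.52.10", "tcp", 22), ("192.168.52.99", "tcp", 22),
                  ("10.0.0.5", "tcp", 80), ("2002:50::44", "tcp", 443)]:
        print(probe, "->", evaluate(RULES, *probe))
    print("open to all:", [r.description for r in open_to_all(RULES)])
```

<p>Running the checker over an exported rule list before a change shows which allow rules are shadowed by a higher-priority deny and which ones accept traffic from every address.</p>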
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="en-us_topic_0140323151.html">Security Groups</a></div>
</div>
</div>