yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
a41a4e0331fbc0beff63bb28fa59228cc9a751df
doc-exports/docs/vpc/umn/SecurityGroup_0003.html
fanqinying d2f00b744a VPC UMN 20241224 version 
Reviewed-by: Szirovicza Gergő <a94652429@noreply.gitea.eco.tsi-dev.otc-service.com>
Reviewed-by: Sarda, Priya <prsarda@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: fanqinying <fanqinying@huawei.com>
Co-committed-by: fanqinying <fanqinying@huawei.com>
2025-09-11 07:29:55 +00:00

152 lines
13 KiB
HTML
Raw Blame History

<a name="SecurityGroup_0003"></a><a name="SecurityGroup_0003"></a>
<h1 class="topictitle1">Default Security Group and Its Rules</h1>
<div id="body1529924412907"><div class="p" id="SecurityGroup_0003__p38211617154214">If you have not created any security groups yet, the system automatically creates a default security group for you and associates it with the instance when you create it. A default security group has the following rules:<ul id="SecurityGroup_0003__ul13643173351019"><li id="SecurityGroup_0003__li164313371013">Inbound rules control incoming traffic to instances in a security group. Only instances in the same security group can communicate with each other, and all inbound requests are denied.</li><li id="SecurityGroup_0003__li176437339108">Outbound rules allow all outbound traffic and response traffic to the outbound requests.</li></ul>
</div>
<div class="fignone" id="SecurityGroup_0003__fig997718156161"><span class="figcap"><b>Figure 1 </b>Default security group</span><br><span><img class="eddx" id="SecurityGroup_0003__image22171236172514" src="en-us_image_0000001865662829.png"></span></div>
<div class="note" id="SecurityGroup_0003__note154069174516"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="SecurityGroup_0003__ul13707733161311"><li id="SecurityGroup_0003__li04874352138">You cannot delete the default security group, but you can modify existing rules or add rules to the group.</li><li id="SecurityGroup_0003__li131365102713">The default security group denies all external requests. To log in to an instance associated with this security group, add a security group rule by referring to <a href="en-us_topic_0081124350.html#en-us_topic_0081124350__section14933617154810">Remotely Logging In to an ECS from a Local Server</a>.</li></ul>
</div></div>
<p id="SecurityGroup_0003__p14738751115618"><a href="#SecurityGroup_0003__table694213763818">Table 1</a> describes the default rules for the default security group.</p>
<div class="tablenoborder"><a name="SecurityGroup_0003__table694213763818"></a><a name="table694213763818"></a><table cellpadding="4" cellspacing="0" summary="" id="SecurityGroup_0003__table694213763818" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Rules in the default security group</caption><thead align="left"><tr id="SecurityGroup_0003__row11942157113816"><th align="left" class="cellrowborder" valign="top" width="11.16%" id="mcps1.3.5.2.7.1.1"><p id="SecurityGroup_0003__p2094287123813">Direction</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="6.84%" id="mcps1.3.5.2.7.1.2"><p id="SecurityGroup_0003__p15942147103814">Action</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="7.51%" id="mcps1.3.5.2.7.1.3"><p id="SecurityGroup_0003__p294210743813">Type</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="9.969999999999999%" id="mcps1.3.5.2.7.1.4"><p id="SecurityGroup_0003__p13942207103810">Protocol &amp; Port</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18.69%" id="mcps1.3.5.2.7.1.5"><p id="SecurityGroup_0003__p149421372388">Source/Destination</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="45.83%" id="mcps1.3.5.2.7.1.6"><p id="SecurityGroup_0003__p1494227183814">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="SecurityGroup_0003__row73081221145911"><td class="cellrowborder" valign="top" width="11.16%" headers="mcps1.3.5.2.7.1.1 "><p id="SecurityGroup_0003__p612702995914">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="6.84%" headers="mcps1.3.5.2.7.1.2 "><p id="SecurityGroup_0003__p877643817595">Allow</p>
</td>
<td class="cellrowborder" valign="top" width="7.51%" headers="mcps1.3.5.2.7.1.3 "><p id="SecurityGroup_0003__p19776838185913">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="9.969999999999999%" headers="mcps1.3.5.2.7.1.4 "><p id="SecurityGroup_0003__p43081921165915">TCP: 22</p>
</td>
<td class="cellrowborder" valign="top" width="18.69%" headers="mcps1.3.5.2.7.1.5 "><p id="SecurityGroup_0003__p2308142116594">Source: 0.0.0.0/0</p>
</td>
<td class="cellrowborder" valign="top" width="45.83%" headers="mcps1.3.5.2.7.1.6 "><p id="SecurityGroup_0003__p12308921185918">Allows IPv4 traffic to reach instances in the security group over SSH port 22 for remotely logging in to Linux instances.</p>
</td>
</tr>
<tr id="SecurityGroup_0003__row230819219599"><td class="cellrowborder" valign="top" width="11.16%" headers="mcps1.3.5.2.7.1.1 "><p id="SecurityGroup_0003__p469922918598">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="6.84%" headers="mcps1.3.5.2.7.1.2 "><p id="SecurityGroup_0003__p34171440205920">Allow</p>
</td>
<td class="cellrowborder" valign="top" width="7.51%" headers="mcps1.3.5.2.7.1.3 "><p id="SecurityGroup_0003__p241704005916">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="9.969999999999999%" headers="mcps1.3.5.2.7.1.4 "><p id="SecurityGroup_0003__p1930862118593">TCP: 3389</p>
</td>
<td class="cellrowborder" valign="top" width="18.69%" headers="mcps1.3.5.2.7.1.5 "><p id="SecurityGroup_0003__p473216401330">Source: 0.0.0.0/0</p>
</td>
<td class="cellrowborder" valign="top" width="45.83%" headers="mcps1.3.5.2.7.1.6 "><p id="SecurityGroup_0003__p153081214599">Allows IPv4 traffic to reach instances in the security group over RDP port 3389 for remotely logging in to Windows instances.</p>
</td>
</tr>
<tr id="SecurityGroup_0003__row1530892114597"><td class="cellrowborder" valign="top" width="11.16%" headers="mcps1.3.5.2.7.1.1 "><p id="SecurityGroup_0003__p1427113025911">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="6.84%" headers="mcps1.3.5.2.7.1.2 "><p id="SecurityGroup_0003__p528164105910">Allow</p>
</td>
<td class="cellrowborder" valign="top" width="7.51%" headers="mcps1.3.5.2.7.1.3 "><p id="SecurityGroup_0003__p1928194118599">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="9.969999999999999%" headers="mcps1.3.5.2.7.1.4 "><p id="SecurityGroup_0003__p1930812185916">TCP: 80</p>
</td>
<td class="cellrowborder" valign="top" width="18.69%" headers="mcps1.3.5.2.7.1.5 "><p id="SecurityGroup_0003__p43517411537">Source: 0.0.0.0/0</p>
</td>
<td class="cellrowborder" valign="top" width="45.83%" headers="mcps1.3.5.2.7.1.6 "><p id="SecurityGroup_0003__p14308921155911">Allows IPv4 traffic to reach the websites deployed on the instances in the security group over HTTP port 80.</p>
</td>
</tr>
<tr id="SecurityGroup_0003__row7308321165918"><td class="cellrowborder" valign="top" width="11.16%" headers="mcps1.3.5.2.7.1.1 "><p id="SecurityGroup_0003__p1284823095918">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="6.84%" headers="mcps1.3.5.2.7.1.2 "><p id="SecurityGroup_0003__p0513194195917">Allow</p>
</td>
<td class="cellrowborder" valign="top" width="7.51%" headers="mcps1.3.5.2.7.1.3 "><p id="SecurityGroup_0003__p151320411596">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="9.969999999999999%" headers="mcps1.3.5.2.7.1.4 "><p id="SecurityGroup_0003__p193081821105916">TCP: 443</p>
</td>
<td class="cellrowborder" valign="top" width="18.69%" headers="mcps1.3.5.2.7.1.5 "><p id="SecurityGroup_0003__p451424318">Source: 0.0.0.0/0</p>
</td>
<td class="cellrowborder" valign="top" width="45.83%" headers="mcps1.3.5.2.7.1.6 "><p id="SecurityGroup_0003__p1666517281025">Allows IPv4 traffic to reach the websites deployed on the instances in the security group over HTTPS port 443.</p>
</td>
</tr>
<tr id="SecurityGroup_0003__row93081121185912"><td class="cellrowborder" valign="top" width="11.16%" headers="mcps1.3.5.2.7.1.1 "><p id="SecurityGroup_0003__p17391143185910">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="6.84%" headers="mcps1.3.5.2.7.1.2 "><p id="SecurityGroup_0003__p1122104216597">Allow</p>
</td>
<td class="cellrowborder" valign="top" width="7.51%" headers="mcps1.3.5.2.7.1.3 "><p id="SecurityGroup_0003__p12122144210591">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="9.969999999999999%" headers="mcps1.3.5.2.7.1.4 "><p id="SecurityGroup_0003__p3308162117591">ICMP: all</p>
</td>
<td class="cellrowborder" valign="top" width="18.69%" headers="mcps1.3.5.2.7.1.5 "><p id="SecurityGroup_0003__p19578542738">Source: 0.0.0.0/0</p>
</td>
<td class="cellrowborder" valign="top" width="45.83%" headers="mcps1.3.5.2.7.1.6 "><p id="SecurityGroup_0003__p430882115916">Allows external IPv4 servers to ping the instances in the security group to verify the network connectivity.</p>
</td>
</tr>
<tr id="SecurityGroup_0003__row894227123820"><td class="cellrowborder" valign="top" width="11.16%" headers="mcps1.3.5.2.7.1.1 "><p id="SecurityGroup_0003__p12942873381">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="6.84%" headers="mcps1.3.5.2.7.1.2 "><p id="SecurityGroup_0003__p19422073386">Allow</p>
</td>
<td class="cellrowborder" valign="top" width="7.51%" headers="mcps1.3.5.2.7.1.3 "><p id="SecurityGroup_0003__p69421179387">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="9.969999999999999%" headers="mcps1.3.5.2.7.1.4 "><p id="SecurityGroup_0003__p14942678389">All</p>
</td>
<td class="cellrowborder" valign="top" width="18.69%" headers="mcps1.3.5.2.7.1.5 "><p id="SecurityGroup_0003__p7942874381">Source: Default security group (default)</p>
</td>
<td class="cellrowborder" valign="top" width="45.83%" headers="mcps1.3.5.2.7.1.6 "><p id="SecurityGroup_0003__p13942177153812">Allows IPv4 instances in the security group to communicate with each other using any protocol over any port.</p>
</td>
</tr>
<tr id="SecurityGroup_0003__row10942870383"><td class="cellrowborder" valign="top" width="11.16%" headers="mcps1.3.5.2.7.1.1 "><p id="SecurityGroup_0003__p129421171386">Inbound</p>
</td>
<td class="cellrowborder" valign="top" width="6.84%" headers="mcps1.3.5.2.7.1.2 "><p id="SecurityGroup_0003__p2094257113813">Allow</p>
</td>
<td class="cellrowborder" valign="top" width="7.51%" headers="mcps1.3.5.2.7.1.3 "><p id="SecurityGroup_0003__p9942176389">IPv6</p>
</td>
<td class="cellrowborder" valign="top" width="9.969999999999999%" headers="mcps1.3.5.2.7.1.4 "><p id="SecurityGroup_0003__p994207193811">All</p>
</td>
<td class="cellrowborder" valign="top" width="18.69%" headers="mcps1.3.5.2.7.1.5 "><p id="SecurityGroup_0003__p119428723813">Source: Default security group (default)</p>
</td>
<td class="cellrowborder" valign="top" width="45.83%" headers="mcps1.3.5.2.7.1.6 "><p id="SecurityGroup_0003__p49424743816">Allows IPv6 instances in the security group to communicate with each other using any protocol over any port.</p>
</td>
</tr>
<tr id="SecurityGroup_0003__row69425703815"><td class="cellrowborder" valign="top" width="11.16%" headers="mcps1.3.5.2.7.1.1 "><p id="SecurityGroup_0003__p159421719386">Outbound</p>
</td>
<td class="cellrowborder" valign="top" width="6.84%" headers="mcps1.3.5.2.7.1.2 "><p id="SecurityGroup_0003__p11942127133810">Allow</p>
</td>
<td class="cellrowborder" valign="top" width="7.51%" headers="mcps1.3.5.2.7.1.3 "><p id="SecurityGroup_0003__p159428720381">IPv4</p>
</td>
<td class="cellrowborder" valign="top" width="9.969999999999999%" headers="mcps1.3.5.2.7.1.4 "><p id="SecurityGroup_0003__p139421677384">All</p>
</td>
<td class="cellrowborder" valign="top" width="18.69%" headers="mcps1.3.5.2.7.1.5 "><p id="SecurityGroup_0003__p1894218715380">Destination: 0.0.0.0/0</p>
</td>
<td class="cellrowborder" valign="top" width="45.83%" headers="mcps1.3.5.2.7.1.6 "><p id="SecurityGroup_0003__p199421720389">Allows all traffic from the instances in the security group to any IPv4 address over any port.</p>
</td>
</tr>
<tr id="SecurityGroup_0003__row1194215753819"><td class="cellrowborder" valign="top" width="11.16%" headers="mcps1.3.5.2.7.1.1 "><p id="SecurityGroup_0003__p129424753815">Outbound</p>
</td>
<td class="cellrowborder" valign="top" width="6.84%" headers="mcps1.3.5.2.7.1.2 "><p id="SecurityGroup_0003__p209427715382">Allow</p>
</td>
<td class="cellrowborder" valign="top" width="7.51%" headers="mcps1.3.5.2.7.1.3 "><p id="SecurityGroup_0003__p14942673385">IPv6</p>
</td>
<td class="cellrowborder" valign="top" width="9.969999999999999%" headers="mcps1.3.5.2.7.1.4 "><p id="SecurityGroup_0003__p5942977385">All</p>
</td>
<td class="cellrowborder" valign="top" width="18.69%" headers="mcps1.3.5.2.7.1.5 "><p id="SecurityGroup_0003__p1594257103814">Destination: ::/0</p>
</td>
<td class="cellrowborder" valign="top" width="45.83%" headers="mcps1.3.5.2.7.1.6 "><p id="SecurityGroup_0003__p494218715386">Allows all traffic from the instances in the security group to any IPv6 address over any port.</p>
</td>
</tr>
</tbody>
</table>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="vpc_SecurityGroup_0001.html">Security Group</a></div>
</div>
</div>
View Git Blame Copy Permalink