<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
In neutron a security group rule can have different types of
"remote" - either a CIDR or another security group.<br>
<br>
The rule means that your "remote" is another security group - so any
VM in security group "default" can reach any port in this security
group - so "default" has opened all its ports to members of
"default.<br>
<br>
Reza<br>
<br>
<div class="moz-cite-prefix">On 4/11/2016 6:15 PM, Jagga Soorma
wrote:<br>
</div>
<blockquote
cite="mid:CAKyjK50pEmBBNydTE+3jamaEXFTamBRT1g-j9XdZTc0VN4Ljgw@mail.gmail.com"
type="cite">
<div dir="ltr">Hi Guys,
<div><br>
</div>
<div>There is a default security group rule that has the
following entry:</div>
<div><br>
</div>
<div>--</div>
Direction: Ingress<br>
Ether Type: IPv4<br>
IP Protocol: Any<br>
Port Range: Any<br>
Remote Prefix: -<br>
Remote Security Group: default
<div>--</div>
<div><br>
</div>
<div>Now this makes me think that it should basically allow all
ingress ipv4 traffic (udp & tcp) on any port. However we
have to manually open up ssh for example by adding another
rule for port 22 and remote prefix of <a
moz-do-not-send="true" href="http://0.0.0.0/0">0.0.0.0/0</a>.
Not sure what a - in the remote prefix means and why is this
rule even there if it does nothing. Any help understanding
this would be appreciated.</div>
<div><br>
</div>
<div>Thanks.</div>
<div><br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Mailing list: <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
Post to : <a class="moz-txt-link-abbreviated" href="mailto:openstack@lists.openstack.org">openstack@lists.openstack.org</a>
Unsubscribe : <a class="moz-txt-link-freetext" href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
</pre>
</blockquote>
<br>
</body>
</html>