<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">I believe you’re thinking about adding 22/tcp (and maybe icmp) to default security group. [1]<div class="">If you don’t specify security group at launch, you will get default security group [2]. Thus every time, you will get ssh access assigned to newly created VM.</div><div class=""><br class=""></div><div class="">[1] <a href="http://docs.rackspace.com/rpc/api/v11/bk-rpc-admin/content/networking-security.html" class="">http://docs.rackspace.com/rpc/api/v11/bk-rpc-admin/content/networking-security.html</a></div><div class="">[2] <a href="http://docs.openstack.org/mitaka/networking-guide/intro-os-networking-overview.html" class="">http://docs.openstack.org/mitaka/networking-guide/intro-os-networking-overview.html</a></div><div class=""><br class=""></div><div class="">Regards,</div><div class="">Darek</div><div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Jul 12, 2016, at 11:13 AM, Turbo Fredriksson <<a href="mailto:turbo@bayour.com" class="">turbo@bayour.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">I noticed today when I created an instance which<br class="">only allowed incoming/outgoing SSH connections<br class=""><br class=""><span class="Apple-tab-span" style="white-space:pre">  </span>• ALLOW IPv4 22/udp to 0.0.0.0/0<br class=""><span class="Apple-tab-span" style="white-space:pre">       </span>• ALLOW IPv4 22/tcp from 0.0.0.0/0<br class=""><br class="">that it failed on the setup of the cloud info.<br class=""><br class="">As in, the "<a href="http://169.254.169.254/2009-04-04/instance-id" class="">http://169.254.169.254/2009-04-04/instance-id</a>"<br class="">request failed (because it couldn't reach 169.254.169.254).<br class=""><br class="">However, if I added a <br class=""><br class=""><span class="Apple-tab-span" style="white-space:pre">     </span>• ALLOW IPv4 80/tcp to 169.254.169.254/32<br class=""><br class="">then it worked..<br class=""><br class="">Which is/was kind'a obvious in retrospect :).<br class=""><br class=""><br class="">Is there a way to specify that a (that) rule should<br class="">ALWAYS be added to an instance, no matter what is<br class="">(or isn't!) selected in the GUI?<br class=""><br class="">As in, in my use-case(s), _ALL_ instances must<br class="">_ALWAYS_ have that latter rule, but I rather not<br class="">have to remember to add it to every security group<br class="">I create (and I already have).<br class="">--<br class="">There are no dumb questions,<br class="">unless a customer is asking them.<br class="">- Unknown<br class=""><br class=""><br class="">_______________________________________________<br class="">Mailing list: <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" class="">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br class="">Post to     : <a href="mailto:openstack@lists.openstack.org" class="">openstack@lists.openstack.org</a><br class="">Unsubscribe : <a href="http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack" class="">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a><br class=""></div></div></blockquote></div><br class=""></div></body></html>