[Openstack] security group rules
Sławek Kapłoński
slawek at kaplonski.pl
Tue Apr 12 05:10:58 UTC 2016
Hello,
To be little bit more precise it allows AFAIK ingress from all instances
(ports) which have got same security group.
--
Pozdrawiam / Best regards
Sławek Kapłoński
slawek at kaplonski.pl
Dnia poniedziałek, 11 kwietnia 2016 21:32:55 CEST Remo Mattei pisze:
> it says default not 0/0 which is not from anywhere.
>
> So that applies only for the local network (default)
>
> > On Apr 11, 2016, at 21:15, Jagga Soorma <jagga13 at gmail.com> wrote:
> >
> > Hi Guys,
> >
> > There is a default security group rule that has the following entry:
> >
> > --
> > Direction: Ingress
> > Ether Type: IPv4
> > IP Protocol: Any
> > Port Range: Any
> > Remote Prefix: -
> > Remote Security Group: default
> > --
> >
> > Now this makes me think that it should basically allow all ingress ipv4
> > traffic (udp & tcp) on any port. However we have to manually open up ssh
> > for example by adding another rule for port 22 and remote prefix of
> > 0.0.0.0/0 <http://0.0.0.0/0>. Not sure what a - in the remote prefix
> > means and why is this rule even there if it does nothing. Any help
> > understanding this would be appreciated.
> >
> > Thanks.
> >
> > !DSPAM:1,570c4ff2121991933018292!
> > _______________________________________________ Mailing list:
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to
> > : openstack at lists.openstack.org
> > Unsubscribe :
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> >
> >
> > !DSPAM:1,570c4ff2121991933018292!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160412/619c5178/attachment.sig>
More information about the Openstack
mailing list