[Openstack] security group rules

Sławek Kapłoński slawek at kaplonski.pl
Tue Apr 12 05:10:58 UTC 2016


Hello,

To be little bit more precise it allows AFAIK ingress from all instances 
(ports) which have got same security group.

-- 
Pozdrawiam / Best regards
Sławek Kapłoński
slawek at kaplonski.pl

Dnia poniedziałek, 11 kwietnia 2016 21:32:55 CEST Remo Mattei pisze:
> it says default not 0/0 which is not from anywhere.
> 
> So that applies only for the local network (default)
> 
> > On Apr 11, 2016, at 21:15, Jagga Soorma <jagga13 at gmail.com> wrote:
> > 
> > Hi Guys,
> > 
> > There is a default security group rule that has the following entry:
> > 
> > --
> > Direction: Ingress
> > Ether Type: IPv4
> > IP Protocol: Any
> > Port Range: Any
> > Remote Prefix: -
> > Remote Security Group: default
> > --
> > 
> > Now this makes me think that it should basically allow all ingress ipv4
> > traffic (udp & tcp) on any port.  However we have to manually open up ssh
> > for example by adding another rule for port 22 and remote prefix of
> > 0.0.0.0/0 <http://0.0.0.0/0>.  Not sure what a - in the remote prefix
> > means and why is this rule even there if it does nothing.  Any help
> > understanding this would be appreciated.
> > 
> > Thanks.
> > 
> > !DSPAM:1,570c4ff2121991933018292!
> > _______________________________________________ Mailing list:
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack Post to    
> > : openstack at lists.openstack.org
> > Unsubscribe :
> > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> > 
> > 
> > !DSPAM:1,570c4ff2121991933018292!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20160412/619c5178/attachment.sig>


More information about the Openstack mailing list