In neutron a security group rule can have different types of "remote" - either a CIDR or another security group. The rule means that your "remote" is another security group - so any VM in security group "default" can reach any port in this security group - so "default" has opened all its ports to members of "default".

Reza

On 4/11/2016 6:15 PM, Jagga Soorma wrote:
> Hi Guys,
>
> There is a default security group rule that has the following entry:
>
> --
> Direction: Ingress
> Ether Type: IPv4
> IP Protocol: Any
> Port Range: Any
> Remote Prefix: -
> Remote Security Group: default
> --
>
> Now this makes me think that it should basically allow all ingress
> ipv4 traffic (udp & tcp) on any port. However we have to manually
> open up ssh for example by adding another rule for port 22 and remote
> prefix of 0.0.0.0/0. Not sure what a - in the
> remote prefix means and why is this rule even there if it does
> nothing. Any help understanding this would be appreciated.
>
> Thanks.
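Added example, not part of the original thread and not Neutron's own code: a small Python model of how an ingress rule's remote is evaluated, showing why the "Remote Security Group: default" rule admits group members on any port while outside SSH still needs the 0.0.0.0/0 rule. The names `Rule`, `source_matches`, `ingress_allowed` and the sample addresses are hypothetical; only IPv4 ingress is modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """One IPv4 ingress rule (simplified model, not Neutron's schema)."""
    protocol: Optional[str] = None       # None = any protocol
    port_min: Optional[int] = None       # None = any port
    port_max: Optional[int] = None
    remote_prefix: Optional[str] = None  # CIDR such as "0.0.0.0/0"
    remote_group: Optional[str] = None   # name of a security group


def source_matches(rule, src_ip, group_members):
    if rule.remote_group is not None:
        # Remote is a group: the source must be an address of a member port.
        return src_ip in group_members.get(rule.remote_group, set())
    if rule.remote_prefix is not None:
        # Remote is a CIDR: the source must fall inside the prefix.
        net = ipaddress.ip_network(rule.remote_prefix)
        return ipaddress.ip_address(src_ip) in net
    return True  # no remote set at all: any source


def ingress_allowed(rules, src_ip, protocol, port, group_members):
    """Return True if any rule admits the packet; otherwise default deny."""
    for r in rules:
        if r.protocol not in (None, protocol):
            continue
        if r.port_min is not None and not (r.port_min <= port <= r.port_max):
            continue
        if source_matches(r, src_ip, group_members):
            return True
    return False


# Constructed sample data: two VMs in "default", one outside client.
MEMBERS = {"default": {"10.0.0.5", "10.0.0.6"}}
DEFAULT_RULES = [Rule(remote_group="default")]  # the rule quoted in the thread
WITH_SSH = DEFAULT_RULES + [
    Rule(protocol="tcp", port_min=22, port_max=22, remote_prefix="0.0.0.0/0"),
]
```
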