sgode/virtual-private-cloud
1
0
Fork 0
forked from docs/virtual-private-cloud
Code Pull Requests Activity

Update content

Browse Source
This commit is contained in:
OpenTelekomCloud Proposal Bot 2023-12-14 03:31:40 +00:00
parent 0d97d05836
commit c63034e042
11 changed files with 419 additions and 392 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
umn/source/access_control/firewall/adding_a_firewall_rule.rst
View File

@ -43,17 +43,17 @@ Procedure
.. table:: **Table 1** Parameter descriptions
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+========================+==========================================================================================================================================================================================================================================================================================================================================+=======================+
+========================+=================================================================================================================================================================================================================================================================================================================================+=======================+
| Type | The firewall type. This parameter is mandatory. You can select a value from the drop-down list. Currently, only **IPv4** and **IPv6** are supported. | IPv4 |
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow |
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP |
| | | |
| | You can select **TCP**, **UDP**, **ICMP**, or **All**. | |
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
@ -62,14 +62,12 @@ Procedure
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - **IP address group**: The source is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
| | | |
| | Either the source or the destination of a network ACL rule can use the IP address group. For example, if the source uses an IP address group, the destination address cannot use an IP address group. | |
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | - IP address group: The source is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
| | | |
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
@ -78,18 +76,16 @@ Procedure
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - **IP address group**: The destination is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
| | | |
| | Either the source or the destination of a network ACL rule can use the IP address group. For example, if the source uses an IP address group, the destination address cannot use an IP address group. | |
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | - IP address group: The source is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
| | | |
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the firewall rule. This parameter is optional. | N/A |
| | | |
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
7. Click **OK**.

28
umn/source/access_control/firewall/modifying_a_firewall_rule.rst
View File

@ -37,17 +37,17 @@ Procedure
.. table:: **Table 1** Parameter descriptions
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+========================+==========================================================================================================================================================================================================================================================================================================================================+=======================+
+========================+=================================================================================================================================================================================================================================================================================================================================+=======================+
| Type | The firewall type. This parameter is mandatory. You can select a value from the drop-down list. Currently, only **IPv4** and **IPv6** are supported. | IPv4 |
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow |
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP |
| | | |
| | You can select **TCP**, **UDP**, **ICMP**, or **All**. | |
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
@ -56,14 +56,12 @@ Procedure
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - **IP address group**: The source is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
| | | |
| | Either the source or the destination of a network ACL rule can use the IP address group. For example, if the source uses an IP address group, the destination address cannot use an IP address group. | |
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | - IP address group: The source is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
| | | |
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 |
| | | |
| | - IP address: | |
@ -72,18 +70,16 @@ Procedure
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - **IP address group**: The destination is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
| | | |
| | Either the source or the destination of a network ACL rule can use the IP address group. For example, if the source uses an IP address group, the destination address cannot use an IP address group. | |
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | - IP address group: The source is an IP address group. An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
| | | |
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the firewall rule. This parameter is optional. | N/A |
| | | |
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
7. Click **Confirm**.

36
umn/source/access_control/security_group/adding_a_security_group_rule.rst
View File

@ -71,21 +71,21 @@ Procedure
.. table:: **Table 1** Inbound rule parameter description
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+=======================+==========================================================================================================================================================================+=======================+
+=======================+====================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
| | | |
| | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Type | Source IP address version. You can select: | IPv4 |
| | | |
| | - IPv4 | |
| | - IPv6 | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | Source of the security group rule. The value can be an IP address, a security group, or an IP address group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
| | | |
| | - IP address: | |
| | | |
@ -93,12 +93,15 @@ Procedure
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - **Security group**: The source is from another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an inbound rule with **Action** set to **Allow** and **Source** set to security group B, access from instance B is allowed to instance A. | |
| | - **IP address group**: An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
| | | |
| | If the source is a security group, this rule will apply to all instances associated with the selected security group. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the security group rule. This parameter is optional. | N/A |
| | | |
| | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
#. Click **OK**.
@ -120,20 +123,20 @@ Procedure
.. table:: **Table 2** Outbound rule parameter description
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+=======================+=============================================================================================================================================================================+=======================+
+=======================+====================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
| | | |
| | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | **Port**: The port or port range over which traffic can leave your ECS. The value can be from 1 to 65535. | 22, or 22-30 |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Type | Source IP address version. You can select: | IPv4 |
| | | |
| | - IPv4 | |
| | - IPv6 | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
| | | |
| | - IP address: | |
@ -141,11 +144,14 @@ Procedure
| | - Single IP address: 192.168.10.10/32 | |
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | | |
| | - **Security group**: The source is from another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an inbound rule with **Action** set to **Allow** and **Source** set to security group B, access from instance B is allowed to instance A. | |
| | - **IP address group**: An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the security group rule. This parameter is optional. | N/A |
| | | |
| | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
#. Click **OK**.

20
umn/source/access_control/security_group/allowing_common_ports_with_a_few_clicks.rst
View File

@ -20,23 +20,25 @@ You can configure a security group to allow common ports with a few clicks. This
.. table:: **Table 1** Common ports
+-----------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
+-----------------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
| Direction | Protocol & Port & Type | Source/Destination | Description |
+===========+========================+====================+===================================================================================================================================+
+=================+========================+====================+===================================================================================================================================+
| Inbound | TCP: 22 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 22 (SSH) for remotely logging in to Linux ECSs. |
+-----------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
+-----------------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
| | TCP: 3389 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 3389 (RDP) for remotely logging in to Windows ECSs. |
+-----------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
+-----------------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
| | TCP: 80 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 80 (HTTP) for visiting websites. |
+-----------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
+-----------------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
| | TCP: 443 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over port 443 (HTTPS) for visiting websites. |
+-----------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
+-----------------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
| | TCP: 20-21 (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over ports 20 and 21 (FTP) for uploading or downloading files. |
+-----------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
+-----------------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
| | ICMP: All (IPv4) | 0.0.0.0/0 | Allows all IPv4 addresses to access ECSs in the security group over any port for using the ping command to test ECS connectivity. |
+-----------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
+-----------------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
| Outbound | All (IPv4) | 0.0.0.0/0 | Allows access from ECSs in the security group to any IP address over any port. |
+-----------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
| | | | |
| | All (IPv6) | ::/0 | |
+-----------------+------------------------+--------------------+-----------------------------------------------------------------------------------------------------------------------------------+
Procedure
---------

30
umn/source/access_control/security_group/fast-adding_security_group_rules.rst
View File

@ -43,33 +43,34 @@ Procedure
.. table:: **Table 1** Inbound rule parameter description
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+=======================+==============================================================================================================================================================================+=======================+
+=======================+====================================================================================================================================================================================================+=======================+
| Protocols and Ports | Common protocols and ports are provided for: | SSH (22) |
| | | |
| | - Remote login and ping | |
| | - Web services | |
| | - Databases | |
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Type | Source IP address version. You can select: | IPv4 |
| | | |
| | - IPv4 | |
| | - IPv6 | |
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. You can specify: | 0.0.0.0/0 |
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | Source of the security group rule. The value can be an IP address, an IP address group, or a security group to allow access from IP addresses or instances in the security group. You can specify: | 0.0.0.0/0 |
| | | |
| | - xxx.xxx.xxx.xxx/32 (IPv4 address) | |
| | - xxx.xxx.xxx.0/24 (IPv4 address range) | |
| | - 0.0.0.0/0 (all IPv4 addresses) | |
| | - sg-abc (security group) | |
| | - IP address group: ipGroup-test | |
| | | |
| | If the source is a security group, this rule will apply to all instances associated with the selected security group. | |
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | (Optional) Supplementary information about the security group rule. | ``-`` |
| | | |
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
8. Click **OK**.
@ -89,31 +90,32 @@ Procedure
.. table:: **Table 2** Outbound rule parameter description
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+=======================+=================================================================================================================================================================================+=======================+
+=======================+=======================================================================================================================================================================================================+=======================+
| Protocols and Ports | Common protocols and ports are provided for: | SSH (22) |
| | | |
| | - Remote login and ping | |
| | - Web services | |
| | - Databases | |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Type | Source IP address version. You can select: | IPv4 |
| | | |
| | - IPv4 | |
| | - IPv6 | |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. You can specify: | 0.0.0.0/0 |
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | Destination of the security group rule. The value can be an IP address, an IP address group, or a security group to allow access to IP addresses or instances in the security group. You can specify: | 0.0.0.0/0 |
| | | |
| | - xxx.xxx.xxx.xxx/32 (IPv4 address) | |
| | - xxx.xxx.xxx.0/24 (IPv4 address range) | |
| | - 0.0.0.0/0 (all IPv4 addresses) | |
| | - sg-abc (security group) | |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | - IP address group: ipGroup-test | |
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | (Optional) Supplementary information about the security group rule. | ``-`` |
| | | |
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
11. Click **OK**.

21
umn/source/access_control/security_group/importing_and_exporting_security_group_rules.rst
View File

@ -51,34 +51,37 @@ Procedure
.. table:: **Table 1** Template parameters
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
| Parameter | Description | Example Value |
+=======================+=============================================================================================================================================================================+====================================+
+=======================+====================================================================================================================================================================================================================================================================================================================================================================================================================+====================================+
| Direction | The direction in which the security group rule takes effect. | Inbound |
| | | |
| | - **Inbound**: Inbound rules control incoming traffic to instances in the security group. | |
| | - **Outbound**: Outbound rules control outgoing traffic from instances in the security group. | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
| | | |
| | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
| | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | sg-test[96a8a93f-XXX-d7872990c314] |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
| Source | Source of the security group rule. The value can be an IP address, a security group, or an IP address group to allow access from IP addresses or instances in the security group. For example: | sg-test[96a8a93f-XXX-d7872990c314] |
| | | |
| | - IP address: | |
| | | |
| | - Single IP address: 192.168.10.10/32 | |
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
| | | |
| | - **Security group**: The source is from another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an inbound rule with **Action** set to **Allow** and **Source** set to security group B, access from instance B is allowed to instance A. | |
| | - **IP address group**: An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | sg-test[96a8a93f-XXX-d7872990c314] |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
| Description | Supplementary information about the security group rule. This parameter is optional. | ``-`` |
| | | |
| | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
.. |image1| image:: /_static/images/en-us_image_0141273034.png
.. |image2| image:: /_static/images/en-us_image_0000001675254013.png

16
umn/source/access_control/security_group/security_groups_and_security_group_rules.rst
View File

@ -29,16 +29,16 @@ A security group has inbound and outbound rules to control traffic that's allowe
.. table:: **Table 1** Security group rule information
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Parameter | Description |
+===================================+========================================================================================================================================================================================================================+
+===================================+=====================================================================================================================================================================================================================================+
| Protocol | The network protocol used to match traffic in a security group rule. Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. |
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Port | Destination port used to match traffic in a security group rule. The value can be from 1 to 65535. |
| | |
| | - Inbound rules control incoming traffic over specific ports to instances in the security group. |
| | - Outbound rules control outgoing traffic over specific ports from instances in the security group. |
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Source (Inbound) | The source in an inbound rule is used to match the IP address or address range of an external request. The source can be: |
| | |
| | - IP address: |
@ -51,7 +51,9 @@ A security group has inbound and outbound rules to control traffic that's allowe
| | - Security group: You can select another security group in the same region under the current account as the source. |
| | |
| | For example, instance A is in security group A and instance B is in security group B. If security group A has a rule with **Source** set to security group B, access from instance B is allowed to instance A. |
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| | |
| | - IP address group: If you have multiple IP address ranges and IP addresses with same security requirements, add them to an IP address group and select the group as the source to help you manage them in a more simple way. |
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Destination (Outbound) | The destination in an outbound rule is used to match the IP address or address range of an internal request. The destination can be: |
| | |
| | - IP address: |
@ -64,7 +66,9 @@ A security group has inbound and outbound rules to control traffic that's allowe
| | - Security group: You can select another security group in the same region under the current account as the destination. |
| | |
| | For example, instance A is in security group A and instance B is in security group B. If security group A has a rule with **Destination** set to security group B, access from instance A is allowed to instance B. |
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| | |
| | - IP address group: If you have multiple IP address ranges and IP addresses with same security requirements, add them to an IP address group and select the group as the destination to help you manage them in a more simple way. |
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Like whitelists, security group rules work as follows:

6
umn/source/change_history.rst
View File

@ -8,9 +8,13 @@ Change History
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Released On | Description |
+===================================+====================================================================================================================================================================================================================================================================================================================================+
| 2023-12-12 | This release incorporates the following changes: |
| | |
| | Added descriptions about security group and IP address group as source or destination in :ref:`Adding a Security Group Rule <en-us_topic_0030969470>`. |
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 2023-11-30 | This release incorporates the following changes: |
| | |
| | - Added descriptions about IP address groups as source and destination in :ref:`Adding a Firewall Rule <en-us_topic_0051746702>`. |
| | Added descriptions about IP address groups as source and destination in :ref:`Adding a Firewall Rule <en-us_topic_0051746702>`. |
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| 2023-11-14 | This release incorporates the following changes: |
| | |

36
umn/source/getting_started/configuring_a_vpc_for_ecss_that_access_the_internet_using_eips/step_5_add_a_security_group_rule.rst
View File

@ -65,21 +65,21 @@ Procedure
.. table:: **Table 1** Inbound rule parameter description
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+=======================+==========================================================================================================================================================================+=======================+
+=======================+====================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
| | | |
| | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Type | Source IP address version. You can select: | IPv4 |
| | | |
| | - IPv4 | |
| | - IPv6 | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | Source of the security group rule. The value can be an IP address, a security group, or an IP address group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
| | | |
| | - IP address: | |
| | | |
@ -87,12 +87,15 @@ Procedure
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - **Security group**: The source is from another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an inbound rule with **Action** set to **Allow** and **Source** set to security group B, access from instance B is allowed to instance A. | |
| | - **IP address group**: An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
| | | |
| | If the source is a security group, this rule will apply to all instances associated with the selected security group. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the security group rule. This parameter is optional. | N/A |
| | | |
| | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
#. Click **OK**.
@ -114,20 +117,20 @@ Procedure
.. table:: **Table 2** Outbound rule parameter description
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+=======================+=============================================================================================================================================================================+=======================+
+=======================+====================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
| | | |
| | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | **Port**: The port or port range over which traffic can leave your ECS. The value can be from 1 to 65535. | 22, or 22-30 |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Type | Source IP address version. You can select: | IPv4 |
| | | |
| | - IPv4 | |
| | - IPv6 | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
| | | |
| | - IP address: | |
@ -135,11 +138,14 @@ Procedure
| | - Single IP address: 192.168.10.10/32 | |
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | | |
| | - **Security group**: The source is from another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an inbound rule with **Action** set to **Allow** and **Source** set to security group B, access from instance B is allowed to instance A. | |
| | - **IP address group**: An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the security group rule. This parameter is optional. | N/A |
| | | |
| | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
#. Click **OK**.

36
umn/source/getting_started/configuring_a_vpc_for_ecss_that_do_not_require_internet_access/step_4_add_a_security_group_rule.rst
View File

@ -65,21 +65,21 @@ Procedure
.. table:: **Table 1** Inbound rule parameter description
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+=======================+==========================================================================================================================================================================+=======================+
+=======================+====================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
| | | |
| | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Type | Source IP address version. You can select: | IPv4 |
| | | |
| | - IPv4 | |
| | - IPv6 | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Source | Source of the security group rule. The value can be an IP address, a security group, or an IP address group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
| | | |
| | - IP address: | |
| | | |
@ -87,12 +87,15 @@ Procedure
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
| | | |
| | - **Security group**: The source is from another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an inbound rule with **Action** set to **Allow** and **Source** set to security group B, access from instance B is allowed to instance A. | |
| | - **IP address group**: An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
| | | |
| | If the source is a security group, this rule will apply to all instances associated with the selected security group. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the security group rule. This parameter is optional. | N/A |
| | | |
| | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
#. Click **OK**.
@ -114,20 +117,20 @@ Procedure
.. table:: **Table 2** Outbound rule parameter description
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
+=======================+=============================================================================================================================================================================+=======================+
+=======================+====================================================================================================================================================================================================================================================================================================================================================================================================================+=======================+
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
| | | |
| | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | **Port**: The port or port range over which traffic can leave your ECS. The value can be from 1 to 65535. | 22, or 22-30 |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Type | Source IP address version. You can select: | IPv4 |
| | | |
| | - IPv4 | |
| | - IPv6 | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
| | | |
| | - IP address: | |
@ -135,11 +138,14 @@ Procedure
| | - Single IP address: 192.168.10.10/32 | |
| | - All IP addresses: 0.0.0.0/0 | |
| | - IP address range: 192.168.1.0/24 | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | | |
| | - **Security group**: The source is from another security group. You can select a security group in the same region under the current account from the drop-down list. Instance A is in security group A and instance B is in security group B. If security group A has an inbound rule with **Action** set to **Allow** and **Source** set to security group B, access from instance B is allowed to instance A. | |
| | - **IP address group**: An IP address group is a collection of one or more IP addresses. You can select an available IP address group from the drop-down list. An IP address group can help you manage IP address ranges and IP addresses with same security requirements in a more simple way. | |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Description | Supplementary information about the security group rule. This parameter is optional. | N/A |
| | | |
| | The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
#. Click **OK**.

6
umn/source/vpc_flow_log/vpc_flow_log_overview.rst
View File

@ -5,11 +5,13 @@
VPC Flow Log Overview
=====================
What Is a Flow Log?
-------------------
A VPC flow log records information about the traffic going to and from a VPC. VPC flow logs help you monitor network traffic, analyze network attacks, and determine whether security group and firewall rules require modification.
VPC flow logs must be used together with the Log Tank Service (LTS). Before you create a VPC flow log, you need to create a log group and a log topic in LTS. :ref:`Figure 1 <flowlog_0002__fig1535115691415>` shows the process for configuring VPC flow logs.
VPC flow logs must be used together with the Log Tank Service (LTS). Before you create a VPC flow log, you need to create a log group and a log topic in LTS. shows the process for configuring VPC flow logs.
.. _flowlog_0002__fig1535115691415:
.. figure:: /_static/images/en-us_image_0162336264.png
:alt: **Figure 1** Configuring VPC flow logs