Update content

Binary files changed:

- umn/source/_static/images/en-us_image_0000001650535960.png (new file, 36 KiB)
- umn/source/_static/images/en-us_image_0000001678437642.png (new file, 38 KiB)
- umn/source/_static/images/en-us_image_0000001699135873.png (new file, 22 KiB)
- umn/source/_static/images/en-us_image_0162733894.png (new file, 13 KiB)
@ -14,7 +14,7 @@ For details, see :ref:`Figure 1 <en-us_topic_0052003963__fig9582182315479>`.
.. _en-us_topic_0052003963__fig9582182315479:
.. _en-us_topic_0052003963__fig9582182315479:
.. figure:: /_static/images/en-us_image_0148244691.png
.. figure:: /_static/images/en-us_image_0000001699135873.png
:alt: **Figure 1** Security groups and firewalls
:alt: **Figure 1** Security groups and firewalls
**Figure 1** Security groups and firewalls
**Figure 1** Security groups and firewalls
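Review bot: the figure swap to en-us_image_0000001699135873.png matches the binary summary at the top of the change (new file, 22 KiB), but nothing in this change removes en-us_image_0148244691.png; if no other topic still references it, delete it in the same commit so unused assets do not accumulate under umn/source/_static/images.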
@ -43,51 +43,49 @@ Procedure
.. table:: **Table 1** Parameter descriptions
.. table:: **Table 1** Parameter descriptions
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
| Parameter | Description | Example Value |
+========================+===================================================================================================================================================================================================================+=======================+
+========================+========================================================================================================================================================================================+=======================+
| Priority | Priority of a firewall rule. A smaller priority value represents a higher priority. Each network ACL includes a default rule whose priority value is an asterisk (``*``). Default rules have the lowest priority. | 3 |
| Type | The firewall type. This parameter is mandatory. You can select a value from the drop-down list. Currently, only **IPv4** and **IPv6** are supported. | IPv4 |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Status | Status of a firewall. When you add a rule to it, its default status is **Enabled**. | Enabled |
| Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow |
| Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | | |
| Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP |
| | You can select **TCP**, **UDP**, **ICMP**, or **All**. | |
| | | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | You can select **TCP**, **UDP**, **ICMP**, or **All**. | |
| Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | | |
| Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 |
| | - IP address: | |
| | | |
| | | |
| | - IP address: | |
| | - Single IP address: 192.168.10.10/32 | |
| | | |
| | - All IP addresses: 0.0.0.0/0 | |
| | - Single IP address: 192.168.10.10/32 | |
| | - IP address range: 192.168.1.0/24 | |
| | - All IP addresses: 0.0.0.0/0 | |
| | | |
| | - IP address range: 192.168.1.0/24 | |
| | - Security group: sg-A | |
| | | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | - Security group: sg-A | |
| Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | | |
| Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
| | | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
| Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | | |
| Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 |
| | - IP address: | |
| | | |
| | | |
| | - IP address: | |
| | - Single IP address: 192.168.10.10/32 | |
| | | |
| | - All IP addresses: 0.0.0.0/0 | |
| | - Single IP address: 192.168.10.10/32 | |
| | - IP address range: 192.168.1.0/24 | |
| | - All IP addresses: 0.0.0.0/0 | |
| | | |
| | - IP address range: 192.168.1.0/24 | |
| | - Security group: sg-A | |
| | | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | - Security group: sg-A | |
| Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | | |
| Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
| | | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
| Description | Supplementary information about the firewall rule. This parameter is optional. | N/A |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | | |
| Description | Supplementary information about the firewall rule. This parameter is optional. | N/A |
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
| | | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
7. Click **OK**.
7. Click **OK**.
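Review bot: the rewritten table drops the Priority row without saying anywhere how the order of firewall rules is decided, yet the unchanged bullet in acl_0002 later in this diff ("If you want a deny rule to be matched first, insert the deny rule above the allow rule") shows that order still matters; add one sentence pointing readers to the rule sequence topic. Two smaller points in the Source and Destination rows: the description says the value "can be an IP address or IP address range" while the list beneath it also offers "Security group: sg-A", so the sentence should mention security groups; and "The source from which the traffic is allowed" is wrong for a rule whose Action is Deny, so prefer "The source of the traffic that the rule matches". Finally, Source Port Range is declared mandatory for TCP and UDP, but the table never says what to enter to match any source port, so a reader following the web-server example cannot tell whether 1-65535 is the intended value.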
@ -10,6 +10,8 @@ Scenarios
You can create a custom firewall. By default, a newly created firewall is disabled and has no inbound or outbound rules, or any subnets associated.
You can create a custom firewall. By default, a newly created firewall is disabled and has no inbound or outbound rules, or any subnets associated.
By default, you can create a maximum of 200 firewalls in a region.
Procedure
Procedure
---------
---------
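Review bot: the added quota sentence ("By default, you can create a maximum of 200 firewalls in a region") gives a number but no pointer to where the quota can be viewed or raised; if the documentation has a quotas topic, link it from here so this page does not go stale when the default changes.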
@ -8,7 +8,7 @@ Enabling or Disabling a Firewall
Scenarios
Scenarios
---------
---------
After a firewall is created, you may need to enable it based on network security requirements. You can also disable an enabled firewall if need. Before enabling a firewall, ensure that subnets have been associated with the firewall and that inbound and outbound rules have been added to the firewall.
After a firewall is created, you may need to enable it based on network security requirements. You can also disable an enabled firewall if needed. Before enabling a firewall, ensure that subnets have been associated with the firewall and that inbound and outbound rules have been added to the firewall.
When a firewall is disabled, custom rules will become invalid while default rules still take effect. Disabling a firewall may interrupt network traffic. For information about the default firewall rules, see :ref:`Default Firewall Rules <acl_0001__section99541345213>`.
When a firewall is disabled, custom rules will become invalid while default rules still take effect. Disabling a firewall may interrupt network traffic. For information about the default firewall rules, see :ref:`Default Firewall Rules <acl_0001__section99541345213>`.
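Review bot: the hunk only fixes "if need" to "if needed"; the unchanged paragraph after it still says that default rules keep taking effect when a firewall is disabled, while the note in acl_0002 later in this diff says the default rule denies all inbound traffic. If both statements are accurate, "Disabling a firewall may interrupt network traffic" understates the effect and should say which traffic is blocked; if disabling actually stops the firewall from filtering, the "default rules still take effect" sentence is the one to correct. Either way the two pages should agree before this lands.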
@ -19,7 +19,7 @@ You might want to block TCP port 445 to protect against the WannaCry ransomware
Firewall Configuration
Firewall Configuration
:ref:`Table 1 <acl_0002__table553618145582>` lists the required rules.
:ref:`Table 1 <acl_0002__table553618145582>` lists the inbound rules required.
.. _acl_0002__table553618145582:
.. _acl_0002__table553618145582:
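Review bot: "lists the inbound rules required" is clearer than the old wording, but since the purpose stated in the hunk header is to block TCP port 445 while other traffic stays allowed, this sentence should also say that the deny rule must sit above the allow rule (the note further down in the same file says a deny rule is matched first only if it is inserted above the allow rule); a reader who places the allow rule first gets no protection from the table.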
@ -35,7 +35,7 @@ Firewall Configuration
.. note::
.. note::
- By default, a firewall denies all inbound traffic. You need to allow all inbound traffic if necessary.
- By default, a firewall denies all inbound traffic. You can add a rule to allow all inbound traffic if necessary.
- If you want a deny rule to be matched first, insert the deny rule above the allow rule. For details, see :ref:`Changing the Sequence of a Firewall Rule <vpc_acl_0004>`.
- If you want a deny rule to be matched first, insert the deny rule above the allow rule. For details, see :ref:`Changing the Sequence of a Firewall Rule <vpc_acl_0004>`.
.. _acl_0002__section61291659102216:
.. _acl_0002__section61291659102216:
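Review bot: "You can add a rule to allow all inbound traffic if necessary" reads better than the old "You need to", but an allow-all inbound rule on the firewall leaves all filtering for the subnet to the security groups; add a clause such as "and then place the deny rules for the ports you want blocked above it, as in Table 1" so the note does not read as a recommendation to open everything.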
@ -47,7 +47,7 @@ In this example, an ECS in a subnet is used as the web server, and you need to a
Firewall Configuration
Firewall Configuration
:ref:`Table 2 <acl_0002__table195634095313>` lists the inbound rule required.
:ref:`Table 2 <acl_0002__table195634095313>` lists the inbound and outbound rules required.
.. _acl_0002__table195634095313:
.. _acl_0002__table195634095313:
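Review bot: the sentence now promises both inbound and outbound rules for the web server, but the surrounding text does not say why an outbound rule is needed for connections the inbound rule already admitted; one sentence on whether response traffic needs its own outbound rule would let readers apply the pattern to other services instead of copying Table 2 blindly.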
@ -11,7 +11,7 @@ A firewall is an optional layer of security for your subnets. After you associat
.. _acl_0001__fig9582182315479:
.. _acl_0001__fig9582182315479:
.. figure:: /_static/images/en-us_image_0148244691.png
.. figure:: /_static/images/en-us_image_0000001699135873.png
:alt: **Figure 1** Security groups and firewalls
:alt: **Figure 1** Security groups and firewalls
**Figure 1** Security groups and firewalls
**Figure 1** Security groups and firewalls
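Review bot: this is the same figure replacement as in en-us_topic_0052003963 earlier in the diff, down to the anchor suffix fig9582182315479; if acl_0001 and en-us_topic_0052003963 are two copies of the same overview, have one include the other, because every future edit to the figure or its caption now has to be made twice and the two copies have already drifted (one procedure ends with **OK**, the other with **Confirm**).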
@ -37,51 +37,49 @@ Procedure
.. table:: **Table 1** Parameter descriptions
.. table:: **Table 1** Parameter descriptions
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
| Parameter | Description | Example Value |
+========================+===================================================================================================================================================================================================================+=======================+
+========================+========================================================================================================================================================================================+=======================+
| Priority | Priority of a firewall rule. A smaller priority value represents a higher priority. Each network ACL includes a default rule whose priority value is an asterisk (``*``). Default rules have the lowest priority. | 3 |
| Type | The firewall type. This parameter is mandatory. You can select a value from the drop-down list. Currently, only **IPv4** and **IPv6** are supported. | IPv4 |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Status | Status of a firewall. When you add a rule to it, its default status is **Enabled**. | Enabled |
| Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Action | The action in the firewall. This parameter is mandatory. You can select a value from the drop-down list. Currently, the value can be **Allow** or **Deny**. | Allow |
| Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | | |
| Protocol | The protocol supported by the firewall. This parameter is mandatory. You can select a protocol from the drop-down list. | TCP |
| | You can select **TCP**, **UDP**, **ICMP**, or **All**. | |
| | | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | You can select **TCP**, **UDP**, **ICMP**, or **All**. | |
| Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | | |
| Source | The source from which the traffic is allowed. The source can be an IP address or IP address range. | 0.0.0.0/0 |
| | - IP address: | |
| | | |
| | | |
| | - IP address: | |
| | - Single IP address: 192.168.10.10/32 | |
| | | |
| | - All IP addresses: 0.0.0.0/0 | |
| | - Single IP address: 192.168.10.10/32 | |
| | - IP address range: 192.168.1.0/24 | |
| | - All IP addresses: 0.0.0.0/0 | |
| | | |
| | - IP address range: 192.168.1.0/24 | |
| | - Security group: sg-A | |
| | | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | - Security group: sg-A | |
| Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | | |
| Source Port Range | The source port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
| | | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
| Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | | |
| Destination | The destination to which the traffic is allowed. The destination can be an IP address or IP address range. | 0.0.0.0/0 |
| | - IP address: | |
| | | |
| | | |
| | - IP address: | |
| | - Single IP address: 192.168.10.10/32 | |
| | | |
| | - All IP addresses: 0.0.0.0/0 | |
| | - Single IP address: 192.168.10.10/32 | |
| | - IP address range: 192.168.1.0/24 | |
| | - All IP addresses: 0.0.0.0/0 | |
| | | |
| | - IP address range: 192.168.1.0/24 | |
| | - Security group: sg-A | |
| | | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | - Security group: sg-A | |
| Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | | |
| Destination Port Range | The destination port number or port number range. The value ranges from 1 to 65535. For a port number range, enter two port numbers connected by a hyphen (-). For example, **1-100**. | 22, or 22-30 |
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
| | | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | You must specify this parameter if **TCP** or **UDP** is selected for **Protocol**. | |
| Description | Supplementary information about the firewall rule. This parameter is optional. | N/A |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | | |
| Description | Supplementary information about the firewall rule. This parameter is optional. | N/A |
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
| | | |
+------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| | The description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | |
+------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
7. Click **Confirm**.
7. Click **Confirm**.
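Review bot: this table is a line-for-line copy of the Table 1 rewritten earlier in the diff and shares its gaps (Priority row dropped with no pointer to rule ordering, Source and Destination descriptions that omit the security-group option listed right under them, a mandatory Source Port Range with no stated value for "any port"); the two copies also end differently, "Click **Confirm**" here and "Click **OK**" in the other file, so the button label should be checked against the console and made the same in both.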
@ -10,13 +10,19 @@ Scenarios
A security group is a collection of access control rules to control the traffic that is allowed to reach and leave the cloud resources that it is associated with. The cloud resources can be cloud servers, containers, databases, and more. Cloud resources associated with the same security group have the same security requirements and are mutually trusted within a VPC. A security group consists of inbound and outbound rules.
A security group is a collection of access control rules to control the traffic that is allowed to reach and leave the cloud resources that it is associated with. The cloud resources can be cloud servers, containers, databases, and more. Cloud resources associated with the same security group have the same security requirements and are mutually trusted within a VPC. A security group consists of inbound and outbound rules.
Each ECS must be associated with at least one security group. If you do not have a security group when creating an ECS, the system provides a default security group.
Like whitelists, security group rules work as follows:
Like whitelists, security group rules work as follows:
- Inbound rules control incoming traffic to instances in the security group. If an inbound request matches the source in an inbound security group rule with **Action** set to **Allow**, the request is allowed.
- Inbound rules control incoming traffic to instances in the security group.
If an inbound request matches the source in an inbound security group rule, the request is allowed and other requests are denied.
By default, you do not need to configure deny rules in the inbound direction because requests that do not match allow rules will be denied.
By default, you do not need to configure deny rules in the inbound direction because requests that do not match allow rules will be denied.
- Outbound rules control outgoing traffic from instances in the security group. If the destination of an outbound security group rule with **Action** set to **Allow** is 0.0.0.0/0, all outbound requests are allowed.
- Outbound rules control outgoing traffic from instances in the security group.
If the destination of an outbound security group rule is 0.0.0.0/0, all outbound requests are allowed.
0.0.0.0/0 represents all IPv4 addresses.
0.0.0.0/0 represents all IPv4 addresses.
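Review bot: the rewritten inbound bullet drops "with **Action** set to **Allow**" and says a request that matches "the source in an inbound security group rule" is allowed; if a security group rule can carry a Deny action (the old wording implied an Action field), the new sentence is wrong for deny rules, and "and other requests are denied" duplicates the paragraph that follows it. Suggest: "If an inbound request matches an allow rule, it is allowed; requests that match no allow rule are denied." The outbound bullet drops the same Action qualifier and should get the same treatment.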
@ -27,7 +33,7 @@ If the rules of the security group associated with your instance cannot meet you
Security Group Rule Configuration Examples
Security Group Rule Configuration Examples
------------------------------------------
------------------------------------------
- The system provides a default security group. For details about the default security group rules, see :ref:`Default Security Group <securitygroup_0003>`. If the default security group rules cannot meet your requirements, you can modify them.
- The system provides a default security group. For details about the default security group rules, see :ref:`Default Security Group and Its Rules <securitygroup_0003>`. If the default security group rules cannot meet your requirements, you can modify them.
- Before configuring security group rules, you need to plan access policies for instances in the security group. For details about common security group rule configuration examples, see :ref:`Security Group Configuration Examples <en-us_topic_0081124350>`.
- Before configuring security group rules, you need to plan access policies for instances in the security group. For details about common security group rule configuration examples, see :ref:`Security Group Configuration Examples <en-us_topic_0081124350>`.
Procedure
Procedure
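Review bot: only the link text changes to "Default Security Group and Its Rules"; confirm that the target section in securitygroup_0003 was actually retitled in this change, otherwise the visible link text and the heading it resolves to will disagree.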
@ -68,15 +74,16 @@ Procedure
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Parameter | Description | Example Value |
| Parameter | Description | Example Value |
+=======================+==========================================================================================================================================================================+=======================+
+=======================+==========================================================================================================================================================================+=======================+
| Type | IPv4 | IPv4 |
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
|
||||||
| | | |
|
| | | |
|
||||||
| | Currently, the value can be **All**, **TCP**, **UDP**, or **ICMP**, or others. | |
|
| | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | |
|
||||||
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| | Destination port used to match traffic in a security group rule. The value can be from 1 to 65535. | 22, or 22-30 |
|
| | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 |
|
||||||
|
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
|
| Type | Source IP address version. You can select: | IPv4 |
|
||||||
| | | |
|
| | | |
|
||||||
| | Inbound rules control incoming traffic over specific ports to instances in the security group. | |
|
| | - IPv4 | |
|
||||||
|
| | - IPv6 | |
|
||||||
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
|
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
|
||||||
| | | |
|
| | | |
|
||||||
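Review bot: the new Port cell ("**Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535.") does not say which protocols the port field applies to, and the same row now lists **GRE** and **ICMP**, neither of which has a TCP/UDP port; state what the field means or what to enter when the protocol is ICMP, GRE or All. The sentence "Inbound rules control incoming traffic over specific ports to instances in the security group." was dropped without a replacement, so the direction of the rules described by this table is now only implied by the section it sits in; keep that sentence in the cell or move it to the introduction of the inbound table.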
@ -118,15 +125,16 @@ Procedure
|
|||||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Parameter | Description | Example Value |
|
| Parameter | Description | Example Value |
|
||||||
+=======================+=============================================================================================================================================================================+=======================+
|
+=======================+=============================================================================================================================================================================+=======================+
|
||||||
| Type | IPv4 | IPv4 |
|
|
||||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
|
||||||
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
|
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
|
||||||
| | | |
|
| | | |
|
||||||
| | Currently, the value can be **All**, **TCP**, **UDP**, or **ICMP**, or others. | |
|
| | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | |
|
||||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| | Destination port used to match traffic in a security group rule. The value can be from 1 to 65535. | 22, or 22-30 |
|
| | **Port**: The port or port range over which traffic can leave your ECS. The value can be from 1 to 65535. | 22, or 22-30 |
|
||||||
|
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
|
| Type | Source IP address version. You can select: | IPv4 |
|
||||||
| | | |
|
| | | |
|
||||||
| | Outbound rules control outgoing traffic over specific ports from instances in the security group. | |
|
| | - IPv4 | |
|
||||||
|
| | - IPv6 | |
|
||||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
|
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
|
||||||
| | | |
|
| | | |
|
||||||
|
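Review bot: the Type row inserted into the outbound table reads "Source IP address version. You can select:", but the address field in this table is **Destination**, so "Source" is wrong here; change it to "IP address version" or "Destination IP address version". The Port cell ("**Port**: The port or port range over which traffic can leave your ECS.") correctly mirrors the inbound wording and is fine as is.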
@ -8,12 +8,13 @@ Adding an Instance to or Removing an Instance from a Security Group
|
|||||||
Scenarios
|
Scenarios
|
||||||
---------
|
---------
|
||||||
|
|
||||||
After a security group is created, you can add instances to the security group to protect the instances. You can also remove them from the security group as required.
|
When you create an instance, the system automatically adds the instance to a security group for protection.
|
||||||
|
|
||||||
You can add multiple instances to or remove them from a security group.
|
- If one security group cannot meet your requirements, you can add an instance to multiple security groups.
|
||||||
|
- An instance must be added to at least one security group. If you want to change the security group for an instance, you can add the instance to a new security group and then remove the instance from the original security group.
|
||||||
|
|
||||||
Adding Instances to a Security Group
|
Adding an Instance to a Security Group
|
||||||
------------------------------------
|
--------------------------------------
|
||||||
|
|
||||||
#. Log in to the management console.
|
#. Log in to the management console.
|
||||||
|
|
||||||
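Review bot: the bullet "If one security group cannot meet your requirements, you can add an instance to multiple security groups." should say how the rules combine, because security group rules are allow-only whitelists (as the Deleting a Security Group Rule page in this change states): an instance in several groups is reachable through any rule in any of them, so attaching a second group can only widen access, never narrow it. Suggest: "An instance in multiple security groups is subject to the rules of all of them; traffic allowed by any of the groups is permitted." Also, the Scenarios paragraph now covers only the automatic association at creation time; the dropped sentence "After a security group is created, you can add instances to the security group to protect the instances. You can also remove them..." stated the task this page documents, so keep a version of it.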
@ -25,16 +26,26 @@ Adding Instances to a Security Group
|
|||||||
|
|
||||||
#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
|
#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
|
||||||
|
|
||||||
#. On the **Security Groups** page, click **Manage Instance** in the **Operation** column.
|
The security group list is displayed.
|
||||||
|
|
||||||
#. On the **Servers** tab, click **Add** and add one or more servers to the current security group.
|
#. In the security group list, locate the row that contains the security group and click **Manage Instances** in the **Operation** column.
|
||||||
|
|
||||||
#. On the **Extension NICs** tab, click **Add** and add one or more extension NICs to the current security group.
|
The **Associated Instances** tab is displayed.
|
||||||
|
|
||||||
#. Click **OK**.
|
#. Click an instance type.
|
||||||
|
|
||||||
Removing Instances from a Security Group
|
The following operations use **Servers** as an example.
|
||||||
----------------------------------------
|
|
||||||
|
#. Click the **Servers** tab and click **Add**.
|
||||||
|
|
||||||
|
The **Add Server** dialog box is displayed.
|
||||||
|
|
||||||
|
#. In the server list, select one or more servers and click OK to add them to the current security group.
|
||||||
|
|
||||||
|
Removing an Instance from a Security Group
|
||||||
|
------------------------------------------
|
||||||
|
|
||||||
|
An instance must be added to at least one security group. If you want to remove an instance from a security group, the instance must be associated with at least two security groups now.
|
||||||
|
|
||||||
#. Log in to the management console.
|
#. Log in to the management console.
|
||||||
|
|
||||||
@ -46,18 +57,21 @@ Removing Instances from a Security Group
|
|||||||
|
|
||||||
#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
|
#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
|
||||||
|
|
||||||
#. On the **Security Groups** page, click **Manage Instance** in the **Operation** column.
|
The security group list is displayed.
|
||||||
|
|
||||||
#. On the **Servers** tab, locate the target server and click **Remove** in the **Operation** column to remove the server from current security group.
|
#. In the security group list, locate the row that contains the security group and click **Manage Instances** in the **Operation** column.
|
||||||
|
|
||||||
#. On the **Extension NICs** tab, locate the target extension NIC and click **Remove** in the **Operation** column to remove the NIC from the current security group.
|
The **Associated Instances** tab is displayed.
|
||||||
|
|
||||||
#. Click **Yes**.
|
#. Click an instance type.
|
||||||
|
|
||||||
**Removing multiple instances from a security group**
|
The following operations use **Servers** as an example.
|
||||||
|
|
||||||
- Select multiple servers and click **Remove** above the server list to remove the selected servers from the current security group all at once.
|
#. Click the **Servers** tab, select one or more servers, and click **Remove** in the upper left corner of the server list.
|
||||||
- Select multiple extension NICs and click **Remove** above the extension NIC list to remove the selected extension NICs from the current security group all at once.
|
|
||||||
|
A confirmation dialog box is displayed.
|
||||||
|
|
||||||
|
#. Confirm the information and click **Yes**.
|
||||||
|
|
||||||
Follow-Up Operations
|
Follow-Up Operations
|
||||||
--------------------
|
--------------------
|
||||||
|
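Review bot: the rewrite drops both **Extension NICs** tab steps (old "On the **Extension NICs** tab, click **Add** and add one or more extension NICs..." and the matching **Remove** step) and replaces them with "Click an instance type." followed by a Servers-only walkthrough; list the instance types that the **Associated Instances** tab offers so readers know extension NICs are still managed here. Minor: in "select one or more servers and click OK to add them", **OK** should be bold like the other UI labels, and in the new precondition "the instance must be associated with at least two security groups now", "now" reads better as "already".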
@ -24,7 +24,7 @@ Procedure
|
|||||||
The **Change Security Group** dialog box is displayed.
|
The **Change Security Group** dialog box is displayed.
|
||||||
|
|
||||||
|
|
||||||
.. figure:: /_static/images/en-us_image_0122999741.png
|
.. figure:: /_static/images/en-us_image_0162733894.png
|
||||||
:alt: **Figure 1** Change Security Group
|
:alt: **Figure 1** Change Security Group
|
||||||
|
|
||||||
**Figure 1** Change Security Group
|
**Figure 1** Change Security Group
|
||||||
|
@ -43,9 +43,11 @@ Procedure
|
|||||||
|
|
||||||
#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
|
#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
|
||||||
|
|
||||||
#. On the **Security Groups** page, locate the row that contains the target security group and choose **More** > **Clone** in the **Operation** column.
|
The security group list is displayed.
|
||||||
|
|
||||||
#. Set required parameters as prompted.
|
#. Locate the row that contains the security group, click **More** in the **Operation** column, and click **Clone**.
|
||||||
|
|
||||||
|
#. Select the region and name of the new security group as prompted.
|
||||||
|
|
||||||
|
|
||||||
.. figure:: /_static/images/en-us_image_0000001602035305.png
|
.. figure:: /_static/images/en-us_image_0000001602035305.png
|
||||||
@ -53,7 +55,9 @@ Procedure
|
|||||||
|
|
||||||
**Figure 1** Clone Security Group
|
**Figure 1** Clone Security Group
|
||||||
|
|
||||||
#. Click **OK**. You can then switch to the required region to view the cloned security group in the security group list.
|
#. Click **OK**.
|
||||||
|
|
||||||
|
You can then switch to the required region to view the cloned security group in the security group list.
|
||||||
|
|
||||||
.. |image1| image:: /_static/images/en-us_image_0141273034.png
|
.. |image1| image:: /_static/images/en-us_image_0141273034.png
|
||||||
.. |image2| image:: /_static/images/en-us_image_0000001675373901.png
|
.. |image2| image:: /_static/images/en-us_image_0000001675373901.png
|
||||||
|
@ -10,14 +10,16 @@ Scenarios
|
|||||||
|
|
||||||
A security group is a collection of access control rules to control the traffic that is allowed to reach and leave the cloud resources that it is associated with. The cloud resources can be cloud servers, containers, databases, and more. Cloud resources associated with the same security group have the same security requirements and are mutually trusted within a VPC. A security group consists of inbound and outbound rules.
|
A security group is a collection of access control rules to control the traffic that is allowed to reach and leave the cloud resources that it is associated with. The cloud resources can be cloud servers, containers, databases, and more. Cloud resources associated with the same security group have the same security requirements and are mutually trusted within a VPC. A security group consists of inbound and outbound rules.
|
||||||
|
|
||||||
When creating instances that require security groups, you are advised to allocate instances with different Internet access requirements to different security groups.
|
If your instances have different Internet access requirements, you can allocate them to different security groups when creating them.
|
||||||
|
|
||||||
|
Each ECS must be associated with at least one security group. If you do not have a security group when creating an ECS, the system provides a default security group.
|
||||||
|
|
||||||
Notes and Constraints
|
Notes and Constraints
|
||||||
---------------------
|
---------------------
|
||||||
|
|
||||||
If you have not created any security group, the system automatically creates a default security group for you and associates it with the instance (such as an ECS) when you create it.
|
If you have not created any security groups yet, the system automatically creates a default security group for you and associates it with the instance (such as an ECS) when you create it.
|
||||||
|
|
||||||
The default security group name is **default**. For details, see :ref:`Default Security Group <securitygroup_0003>`.
|
The default security group name is **default**. For details, see :ref:`Default Security Group and Its Rules <securitygroup_0003>`.
|
||||||
|
|
||||||
Procedure
|
Procedure
|
||||||
---------
|
---------
|
||||||
|
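Review bot: the new Scenarios paragraph "Each ECS must be associated with at least one security group. If you do not have a security group when creating an ECS, the system provides a default security group." duplicates the Notes and Constraints text two paragraphs below ("If you have not created any security groups yet, the system automatically creates a default security group for you..."); keep one of the two, preferably the Notes and Constraints copy, which carries the link to Default Security Group and Its Rules.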
@ -2,13 +2,13 @@
|
|||||||
|
|
||||||
.. _SecurityGroup_0003:
|
.. _SecurityGroup_0003:
|
||||||
|
|
||||||
Default Security Group
|
Default Security Group and Its Rules
|
||||||
======================
|
====================================
|
||||||
|
|
||||||
The system creates a default security group for each account. By default, the default security group rules:
|
If you have not created any security group, the system automatically creates a default security group for you and associates it with the instance (such as an ECS) when you create it. A default security group has the following rules:
|
||||||
|
|
||||||
- Allow all outbound packets: Instances in the default security group can send requests to and receive responses from instances in other security groups.
|
- Inbound rules control incoming traffic to instances in a security group. Only instances in the same security group can communicate with each other, and all inbound requests are denied.
|
||||||
- Deny all inbound packets: Requests from instances in other security groups will be denied by the default security group.
|
- Outbound rules allow all outbound traffic and response traffic to the outbound requests.
|
||||||
|
|
||||||
|
|
||||||
.. figure:: /_static/images/en-us_image_0000001230120807.png
|
.. figure:: /_static/images/en-us_image_0000001230120807.png
|
||||||
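Review bot: the new inbound bullet contradicts itself: "Only instances in the same security group can communicate with each other, and all inbound requests are denied." If instances in the group can reach each other, not all inbound requests are denied. Reword to "Inbound rules allow traffic only from instances in the same security group; all other inbound requests are denied." The old wording ("Requests from instances in other security groups will be denied by the default security group.") was precise on this point and can be reused. Also, the page label stays `.. _SecurityGroup_0003:` while every reference uses `securitygroup_0003`; docutils normalises reference names to lowercase, so the links resolve, but matching the case avoids confusion for the next editor.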
@ -18,8 +18,8 @@ The system creates a default security group for each account. By default, the de
|
|||||||
|
|
||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
- You cannot delete the default security group, but you can modify the rules for the default security group.
|
- You cannot delete the default security group, but you can modify existing rules or add rules to the group.
|
||||||
- If two ECSs are in the same security group but in different VPCs, the ECSs cannot communicate with each other. To enable communications between the ECSs, use a VPC peering connection to connect the two VPCs.
|
- The default security group is automatically created to simplify the process of creating an instance for the first time. The default security group denies all external requests. To log in to an instance, add a security group rule by referring to :ref:`Remotely Logging In to an ECS from a Local Server <en-us_topic_0081124350__section14933617154810>`.
|
||||||
|
|
||||||
:ref:`Table 1 <securitygroup_0003__table493045171919>` describes the default rules for the default security group.
|
:ref:`Table 1 <securitygroup_0003__table493045171919>` describes the default rules for the default security group.
|
||||||
|
|
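Review bot: the removed note "If two ECSs are in the same security group but in different VPCs, the ECSs cannot communicate with each other. To enable communications between the ECSs, use a VPC peering connection..." is a constraint readers run into in practice and nothing else in this diff covers it; keep it unless it has moved to another page. In the replacement bullet, "The default security group denies all external requests." should be aligned with the rules listed above it: inbound traffic from outside the group is denied, while outbound traffic and the responses to it are allowed.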
@ -8,15 +8,15 @@ Deleting a Security Group Rule
|
|||||||
Scenarios
|
Scenarios
|
||||||
---------
|
---------
|
||||||
|
|
||||||
If the source of an inbound security group rule or destination of an outbound security group rule needs to be changed, you need to first delete the security group rule and add a new one.
|
If your security group rule is no longer required, you can delete it.
|
||||||
|
|
||||||
Notes and Constraints
|
Notes and Constraints
|
||||||
---------------------
|
---------------------
|
||||||
|
|
||||||
Security group rules use whitelists. Deleting a security group rule may result in ECS access failures. Security group rules work as follows:
|
Security group rules use whitelists. Deleting a security group rule may result in ECS access failures. Security group rules work as follows:
|
||||||
|
|
||||||
- If an inbound request matches the source in an inbound security group rule with **Action** set to **Allow**, the request is allowed.
|
- Inbound rule: If an inbound request matches the source in an inbound security group rule with **Action** set to **Allow**, the request is allowed.
|
||||||
- If the destination of an outbound security group rule with **Action** set to **Allow** is 0.0.0.0/0, all outbound requests are allowed.
|
- Outbound rule: If the destination of an outbound security group rule with **Action** set to **Allow** is 0.0.0.0/0, all outbound requests are allowed.
|
||||||
|
|
||||||
Procedure
|
Procedure
|
||||||
---------
|
---------
|
||||||
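Review bot: "Outbound rule: If the destination of an outbound security group rule with **Action** set to **Allow** is 0.0.0.0/0, all outbound requests are allowed." holds only for IPv4. This change adds a Type row offering IPv4 and IPv6 to the rule tables, and the IPv6 catch-all is ::/0; a reader deleting that rule would not expect IPv6 egress to stop. Suggest: "... is 0.0.0.0/0 (IPv4) or ::/0 (IPv6), all outbound requests of that address family are allowed."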
@ -31,15 +31,22 @@ Procedure
|
|||||||
|
|
||||||
4. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
|
4. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
|
||||||
|
|
||||||
5. On the **Security Groups** page, click the security group name.
|
The security group list is displayed.
|
||||||
|
|
||||||
6. If you do not need a security group rule, locate the row that contains the target rule, and click **Delete**.
|
5. In the security group list, click the name of the security group.
|
||||||
|
|
||||||
7. Click **Yes** in the displayed dialog box.
|
The security group details page is displayed.
|
||||||
|
|
||||||
**Deleting multiple security group rules at once**
|
6. Click the **Inbound Rules** or **Outbound Rules** tab as required.
|
||||||
|
|
||||||
You can also select multiple security group rules and click **Delete** above the security group rule list to delete multiple rules at a time.
|
The security group rule list is displayed.
|
||||||
|
|
||||||
|
7. In the security group rule list:
|
||||||
|
|
||||||
|
- To delete a single security group rule, locate the row that contains the rule and click **Delete** in the **Operation** column.
|
||||||
|
- To delete multiple security group rules, select multiple security group rules and click **Delete** in the upper left corner of the rule list.
|
||||||
|
|
||||||
|
8. Click **Yes**.
|
||||||
|
|
||||||
.. |image1| image:: /_static/images/en-us_image_0141273034.png
|
.. |image1| image:: /_static/images/en-us_image_0141273034.png
|
||||||
.. |image2| image:: /_static/images/en-us_image_0000001675413825.png
|
.. |image2| image:: /_static/images/en-us_image_0000001675413825.png
|
||||||
|
@ -52,6 +52,11 @@ Procedure
|
|||||||
| | - Web services | |
|
| | - Web services | |
|
||||||
| | - Databases | |
|
| | - Databases | |
|
||||||
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
|
| Type | Source IP address version. You can select: | IPv4 |
|
||||||
|
| | | |
|
||||||
|
| | - IPv4 | |
|
||||||
|
| | - IPv6 | |
|
||||||
|
+-----------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. You can specify: | 0.0.0.0/0 |
|
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. You can specify: | 0.0.0.0/0 |
|
||||||
| | | |
|
| | | |
|
||||||
| | - xxx.xxx.xxx.xxx/32 (IPv4 address) | |
|
| | - xxx.xxx.xxx.xxx/32 (IPv4 address) | |
|
||||||
@ -93,6 +98,11 @@ Procedure
|
|||||||
| | - Web services | |
|
| | - Web services | |
|
||||||
| | - Databases | |
|
| | - Databases | |
|
||||||
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
|
| Type | Source IP address version. You can select: | IPv4 |
|
||||||
|
| | | |
|
||||||
|
| | - IPv4 | |
|
||||||
|
| | - IPv6 | |
|
||||||
|
+-----------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. You can specify: | 0.0.0.0/0 |
|
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. You can specify: | 0.0.0.0/0 |
|
||||||
| | | |
|
| | | |
|
||||||
| | - xxx.xxx.xxx.xxx/32 (IPv4 address) | |
|
| | - xxx.xxx.xxx.xxx/32 (IPv4 address) | |
|
||||||
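Review bot: same problem as the outbound table on the rule-adding page: the Type row inserted here reads "Source IP address version" although the row beneath it is **Destination**; use "IP address version" or "Destination IP address version". If the Destination examples further down list only IPv4 forms such as "xxx.xxx.xxx.xxx/32 (IPv4 address)", add an IPv6 example (an IPv6 prefix or ::/0) now that IPv6 is selectable in the Type row.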
|
@ -18,7 +18,7 @@ Notes and Constraints
|
|||||||
---------------------
|
---------------------
|
||||||
|
|
||||||
- The security group rules to be imported must be configured based on the template. Do not add parameters or change existing parameters. Otherwise, the import will fail.
|
- The security group rules to be imported must be configured based on the template. Do not add parameters or change existing parameters. Otherwise, the import will fail.
|
||||||
- If a security group rule to be imported is the same as an existing one, the security group rule cannot be imported. You can delete the rule and try again.
|
- Duplicate rules are not allowed, you can delete the rule and try again.
|
||||||
|
|
||||||
Procedure
|
Procedure
|
||||||
---------
|
---------
|
||||||
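Review bot: "Duplicate rules are not allowed, you can delete the rule and try again." is a comma splice and no longer says which rule to delete; the old text made clear that the conflict is with a rule already present in the security group. Suggest: "A rule that is identical to an existing rule in the security group cannot be imported. Delete the existing rule, or remove the duplicate from the file, and try again."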
@ -61,13 +61,9 @@ Procedure
|
|||||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||||
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
|
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
|
||||||
| | | |
|
| | | |
|
||||||
| | Currently, the value can be **All**, **TCP**, **UDP**, or **ICMP**, or others. | |
|
| | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | |
|
||||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||||
| | Destination port used to match traffic in a security group rule. The value can be from 1 to 65535. | 22, or 22-30 |
|
| | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 |
|
||||||
| | | |
|
|
||||||
| | Inbound rules control incoming traffic over specific ports to instances in the security group. | |
|
|
||||||
| | | |
|
|
||||||
| | Outbound rules control outgoing traffic over specific ports from instances in the security group. | |
|
|
||||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------------------+
|
||||||
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | sg-test[96a8a93f-XXX-d7872990c314] |
|
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | sg-test[96a8a93f-XXX-d7872990c314] |
|
||||||
| | | |
|
| | | |
|
||||||
|
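Review bot: the Port cell in the import table now reads "The port or port range over which traffic can reach your ECS", which is inbound-only, but the same cell previously covered both directions ("Inbound rules control incoming traffic..." and "Outbound rules control outgoing traffic...") because an import file carries both inbound and outbound rules. Use direction-neutral wording, for example "**Port**: The port or port range matched by the rule. The value can be from 1 to 65535.", or restore the two dropped sentences.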
@ -6,7 +6,7 @@ Security Group
|
|||||||
==============
|
==============
|
||||||
|
|
||||||
- :ref:`Security Groups and Security Group Rules <en-us_topic_0073379079>`
|
- :ref:`Security Groups and Security Group Rules <en-us_topic_0073379079>`
|
||||||
- :ref:`Default Security Group <securitygroup_0003>`
|
- :ref:`Default Security Group and Its Rules <securitygroup_0003>`
|
||||||
- :ref:`Security Group Configuration Examples <en-us_topic_0081124350>`
|
- :ref:`Security Group Configuration Examples <en-us_topic_0081124350>`
|
||||||
- :ref:`Creating a Security Group <en-us_topic_0013748715>`
|
- :ref:`Creating a Security Group <en-us_topic_0013748715>`
|
||||||
- :ref:`Cloning a Security Group <vpc_securitygroup_0009>`
|
- :ref:`Cloning a Security Group <vpc_securitygroup_0009>`
|
||||||
@ -27,7 +27,7 @@ Security Group
|
|||||||
:hidden:
|
:hidden:
|
||||||
|
|
||||||
security_groups_and_security_group_rules
|
security_groups_and_security_group_rules
|
||||||
default_security_group
|
default_security_group_and_its_rules
|
||||||
security_group_configuration_examples
|
security_group_configuration_examples
|
||||||
creating_a_security_group
|
creating_a_security_group
|
||||||
cloning_a_security_group
|
cloning_a_security_group
|
||||||
|
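Review bot: the toctree entry changes from `default_security_group` to `default_security_group_and_its_rules`, so the same change must rename the page file accordingly (the rename is not among the hunks shown); otherwise the Sphinx build reports the toctree entry as a missing document. The unchanged `.. _SecurityGroup_0003:` label keeps the existing `:ref:` links working after the rename.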
@ -8,13 +8,11 @@ Modifying a Security Group
|
|||||||
**Scenarios**
|
**Scenarios**
|
||||||
-------------
|
-------------
|
||||||
|
|
||||||
Modify the name and description of a created security group.
|
After a security group is created, you can change its name and description.
|
||||||
|
|
||||||
Procedure
|
Procedure
|
||||||
---------
|
---------
|
||||||
|
|
||||||
**Method 1**
|
|
||||||
|
|
||||||
#. Log in to the management console.
|
#. Log in to the management console.
|
||||||
|
|
||||||
#. Click |image1| in the upper left corner and select the desired region and project.
|
#. Click |image1| in the upper left corner and select the desired region and project.
|
||||||
@ -25,37 +23,15 @@ Procedure
|
|||||||
|
|
||||||
#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
|
#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
|
||||||
|
|
||||||
#. On the **Security Groups** page, locate the target security group and choose **More** > **Modify** in the **Operation** column.
|
The security group list is displayed.
|
||||||
|
|
||||||
|
#. Locate the row that contains the security group, click **More** in the **Operation** column, and click **Modify**.
|
||||||
|
|
||||||
|
The **Modify Security Group** dialog box is displayed.
|
||||||
|
|
||||||
#. Modify the name and description of the security group as required.
|
#. Modify the name and description of the security group as required.
|
||||||
|
|
||||||
#. Click **OK**.
|
#. Click **OK** to save the modification.
|
||||||
|
|
||||||
**Method 2**
|
|
||||||
|
|
||||||
#. Log in to the management console.
|
|
||||||
|
|
||||||
#. Click |image3| in the upper left corner and select the desired region and project.
|
|
||||||
|
|
||||||
#. Click |image4| in the upper left corner and choose **Network** > **Virtual Private Cloud**.
|
|
||||||
|
|
||||||
The **Virtual Private Cloud** page is displayed.
|
|
||||||
|
|
||||||
#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
|
|
||||||
|
|
||||||
#. On the **Security Groups** page, click the security group name.
|
|
||||||
|
|
||||||
#. On the displayed page, click |image5| on the right of **Name** and edit the security group name.
|
|
||||||
|
|
||||||
#. Click **Y** to save the security group name.
|
|
||||||
|
|
||||||
#. Click |image6| on the right of **Description** and edit the security group description.
|
|
||||||
|
|
||||||
#. Click **Y** to save the security group description.
|
|
||||||
|
|
||||||
.. |image1| image:: /_static/images/en-us_image_0141273034.png
|
.. |image1| image:: /_static/images/en-us_image_0141273034.png
|
||||||
.. |image2| image:: /_static/images/en-us_image_0000001626894086.png
|
.. |image2| image:: /_static/images/en-us_image_0000001626894086.png
|
||||||
.. |image3| image:: /_static/images/en-us_image_0141273034.png
|
|
||||||
.. |image4| image:: /_static/images/en-us_image_0000001675613933.png
|
|
||||||
.. |image5| image:: /_static/images/en-us_image_0239476777.png
|
|
||||||
.. |image6| image:: /_static/images/en-us_image_0239476777.png
|
|
||||||
|
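Review bot: Steps 7 and 9 of Method 2 ("Click **Y** to save the security group name" / "... description") read as a literal key "Y", whereas the neighbouring steps 6 and 8 refer to the console icons through the |image5| and |image6| substitutions; if the save control is an icon, give it a substitution image as well so readers know what to click. Two smaller tidy-ups in the same hunk: |image5| and |image6| both resolve to en-us_image_0239476777.png, and |image1| and |image3| both resolve to en-us_image_0141273034.png, so one substitution per icon would do.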
@ -23,11 +23,19 @@ Procedure
|
|||||||
|
|
||||||
#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
|
#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
|
||||||
|
|
||||||
#. On the **Security Groups** page, click the security group name.
|
The security group list is displayed.
|
||||||
|
|
||||||
#. On the displayed page, locate the row that contains the security group rule to be modified, and click **Modify** in the **Operation** column.
|
#. In the security group list, click the name of the security group.
|
||||||
|
|
||||||
#. Modify the rule and click **Confirm**.
|
The security group details page is displayed.
|
||||||
|
|
||||||
|
#. Click the **Inbound Rules** or **Outbound Rules** tab as required.
|
||||||
|
|
||||||
|
The security group rule list is displayed.
|
||||||
|
|
||||||
|
#. Locate the row that contains the rule and click **Modify** in the **Operation** column.
|
||||||
|
|
||||||
|
#. Modify the security group rule information as prompted and click **Confirm**.
|
||||||
|
|
||||||
.. |image1| image:: /_static/images/en-us_image_0141273034.png
|
.. |image1| image:: /_static/images/en-us_image_0141273034.png
|
||||||
.. |image2| image:: /_static/images/en-us_image_0000001675613937.png
|
.. |image2| image:: /_static/images/en-us_image_0000001675613937.png
|
||||||
|
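Review bot: The closing step "Modify the security group rule information as prompted and click **Confirm**" ends with a different button label than the otherwise parallel replicate procedure in this patch, which ends with "click **OK**"; check which label the console dialog actually shows and use it in both places. The step also gives no indication of which fields can be changed; pointing to the rule parameters documented in the adding-rule section (Protocol & Port, Type, Source/Destination) would save the reader a detour.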
@ -8,7 +8,7 @@ Replicating a Security Group Rule
|
|||||||
**Scenarios**
|
**Scenarios**
|
||||||
-------------
|
-------------
|
||||||
|
|
||||||
Replicate an existing security group rule to generate a new rule. When replicating a security group rule, you can make changes so that it is not a perfect copy.
|
You can replicate an existing security group rule and modify it to quickly generate a new rule.
|
||||||
|
|
||||||
Procedure
|
Procedure
|
||||||
---------
|
---------
|
||||||
@ -21,15 +21,19 @@ Procedure
|
|||||||
|
|
||||||
The **Virtual Private Cloud** page is displayed.
|
The **Virtual Private Cloud** page is displayed.
|
||||||
|
|
||||||
#. In the navigation pane on the left, choose **Access Control** > **Security Groups**.
|
#. In the security group list, click the name of the security group.
|
||||||
|
|
||||||
#. On the **Security Groups** page, click the security group name.
|
The security group details page is displayed.
|
||||||
|
|
||||||
#. On the displayed page, locate the row that contains the security group rule to be replicated, and click **Replicate** in the **Operation** column.
|
#. Click the **Inbound Rules** or **Outbound Rules** tab as required.
|
||||||
|
|
||||||
You can also modify the security group rule as required to quickly generate a new rule.
|
The security group rule list is displayed.
|
||||||
|
|
||||||
#. Click **OK**.
|
#. Locate the row that contains the rule and click **Replicate** in the **Operation** column.
|
||||||
|
|
||||||
|
The **Replicate Inbound Rule** dialog box is displayed.
|
||||||
|
|
||||||
|
#. Modify the security group rule information as prompted and click **OK**.
|
||||||
|
|
||||||
.. |image1| image:: /_static/images/en-us_image_0141273034.png
|
.. |image1| image:: /_static/images/en-us_image_0141273034.png
|
||||||
.. |image2| image:: /_static/images/en-us_image_0000001626894090.png
|
.. |image2| image:: /_static/images/en-us_image_0000001626894090.png
|
||||||
|
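Review bot: "The **Replicate Inbound Rule** dialog box is displayed." only holds when the **Inbound Rules** tab was chosen in the previous step, which explicitly allows either tab; name the outbound variant too (for example "The **Replicate Inbound Rule** or **Replicate Outbound Rule** dialog box is displayed.") so the step is correct for both paths.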
@ -8,12 +8,54 @@ Change History
|
|||||||
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||||
| Released On | Description |
|
| Released On | Description |
|
||||||
+===================================+====================================================================================================================================================================================================================================================================================================================================+
|
+===================================+====================================================================================================================================================================================================================================================================================================================================+
|
||||||
|
| 2023-10-10 | This release incorporates the following changes: |
|
||||||
|
| | |
|
||||||
|
| | - Added the figure for configuring route tables in :ref:`Route Table <en-us_topic_0038263963>`. |
|
||||||
|
| | - Modified :ref:`Step 4: Add a Security Group Rule <vpc_qs_0008>`. |
|
||||||
|
| | |
|
||||||
|
| | - Changed the location of parameter **Type**. |
|
||||||
|
| | - Added protocol **GRE**. |
|
||||||
|
| | |
|
||||||
|
| | - Modified :ref:`Step 5: Add a Security Group Rule <vpc_qs_0013>` and :ref:`Adding a Security Group Rule <en-us_topic_0030969470>`. |
|
||||||
|
| | |
|
||||||
|
| | - Added description that each ECS must be associated with at least one security group. |
|
||||||
|
| | - Modified description about port. |
|
||||||
|
| | - Changed the location of parameter **Type**. |
|
||||||
|
| | - Added protocol **GRE**. |
|
||||||
|
| | |
|
||||||
|
| | - Added the function of adding multiple tags for search in :ref:`Managing VPC Tags <vpc_vpc_0004>`. |
|
||||||
|
| | - Added figures and modified steps in :ref:`Viewing and Deleting Resources in a Subnet <vpc_vpc_0011>`. |
|
||||||
|
| | - Modified :ref:`Security Groups and Security Group Rules <en-us_topic_0073379079>`. |
|
||||||
|
| | |
|
||||||
|
| | - Added protocol **GRE** and deleted content about **Action**. |
|
||||||
|
| | - Modified description about security group sg-AB. |
|
||||||
|
| | - Added description about security group configuration. |
|
||||||
|
| | - Added support for IPv6. |
|
||||||
|
| | |
|
||||||
|
| | - Changed the section name in :ref:`Default Security Group and Its Rules <securitygroup_0003>`. |
|
||||||
|
| | - Optimized description in :ref:`Creating a Security Group <en-us_topic_0013748715>`. |
|
||||||
|
| | - Modified the figure and added parameter **Type** in :ref:`Fast-Adding Security Group Rules <securitygroup_0004>`. |
|
||||||
|
| | - Modified notes and constraints in :ref:`Importing and Exporting Security Group Rules <vpc_securitygroup_0007>`. |
|
||||||
|
| | - Added description about the maximum number of security groups that can be created in :ref:`Creating a Firewall <en-us_topic_0051746698>`. |
|
||||||
|
| | - Modified figures and parameter settings in :ref:`Adding a Firewall Rule <en-us_topic_0051746702>`. |
|
||||||
|
| | - Added the route table quota in notes and constraints in :ref:`Creating a Custom Route Table <vpc_route01_0005>`. |
|
||||||
|
| | - Added constraints on the maximum number of routes that can be added to a route table in :ref:`Adding a Custom Route <vpc_route01_0006>`. |
|
||||||
|
| | - Modified :ref:`Creating a VPC Peering Connection with Another VPC in Your Account <en-us_topic_0046655037>`. |
|
||||||
|
| | |
|
||||||
|
| | - Added description that you need to add routes to the route tables of the local and peer VPCs after creating a VPC peering connection. |
|
||||||
|
| | - Added parameter **Description** for creating a VPC peering connection. |
|
||||||
|
| | |
|
||||||
|
| | - Added parameter **Description** for creating a VPC peering connection in :ref:`Creating a VPC Peering Connection with a VPC in Another Account <en-us_topic_0046655038>`. |
|
||||||
|
| | |
|
||||||
|
| | - Added description about the maximum number of flow log records that can be recorded in :ref:`VPC Flow Log Overview <flowlog_0002>`. |
|
||||||
|
| | - Modified the section name and scenarios in :ref:`Disabling Source and Destination Check (HA Load Balancing Cluster Scenario) <vpc_vip_0008>`. |
|
||||||
|
| | - Modified the verification procedure in :ref:`Creating a User and Granting VPC Permissions <permission_0003>`. |
|
||||||
|
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||||
| 2023-09-08 | This release incorporates the following changes: |
|
| 2023-09-08 | This release incorporates the following changes: |
|
||||||
| | |
|
| | |
|
||||||
| | Updated the following content: |
|
| | Updated the following content: |
|
||||||
| | |
|
| | |
|
||||||
| | - Optimized description in :ref:`Step 4: Add a Security Group Rule <vpc_qs_0008>`. |
|
| | - Optimized description in :ref:`Step 4: Add a Security Group Rule <vpc_qs_0008>`. |
|
||||||
| | - Optimized description in :ref:`Creating a Security Group <en-us_topic_0013748715>`. |
|
|
||||||
| | - Optimized the procedure for verifying IAM permissions in :ref:`Creating a User and Granting VPC Permissions <permission_0003>`. |
|
| | - Optimized the procedure for verifying IAM permissions in :ref:`Creating a User and Granting VPC Permissions <permission_0003>`. |
|
||||||
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||||
| 2023-07-18 | This release incorporates the following changes: |
|
| 2023-07-18 | This release incorporates the following changes: |
|
||||||
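Review bot: In the new 2023-10-10 entry the sub-items under "Modified :ref:`Step 4: Add a Security Group Rule <vpc_qs_0008>`" (and likewise under the Step 5, "Security Groups and Security Group Rules" and "VPC Peering Connection" items) sit at the same indentation as their parent bullet, so reStructuredText renders them as sibling list items rather than a nested list and the grouping is lost; indent the sub-items inside the cell, e.g. `| |   - Changed the location of parameter **Type**.`. The entry also lacks the "Updated the following content:" lead line that the 2023-09-08 entry uses, which would keep the table consistent.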
@ -34,7 +76,7 @@ Change History
|
|||||||
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||||
| 2023-05-26 | This release incorporates the following changes: |
|
| 2023-05-26 | This release incorporates the following changes: |
|
||||||
| | |
|
| | |
|
||||||
| | Added the following section: |
|
| | Added the following content: |
|
||||||
| | |
|
| | |
|
||||||
| | Added information about cloning a security group in :ref:`Cloning a Security Group <vpc_securitygroup_0009>`. |
|
| | Added information about cloning a security group in :ref:`Cloning a Security Group <vpc_securitygroup_0009>`. |
|
||||||
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||||
@ -55,7 +97,7 @@ Change History
|
|||||||
| | Updated the following content: |
|
| | Updated the following content: |
|
||||||
| | |
|
| | |
|
||||||
| | - Added description that BMS user-defined network is available only in eu-de. |
|
| | - Added description that BMS user-defined network is available only in eu-de. |
|
||||||
| | - Added the step for viewing NIC details to :ref:`Disabling Source/Destination Check for an ECS NIC <vpc_vip_0008>`. |
|
| | - Added the step for viewing NIC details to :ref:`Disabling Source and Destination Check (HA Load Balancing Cluster Scenario) <vpc_vip_0008>`. |
|
||||||
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||||
| 2023-02-15 | This release incorporates the following changes: |
|
| 2023-02-15 | This release incorporates the following changes: |
|
||||||
| | |
|
| | |
|
||||||
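Review bot: The change here only updates the explicit link text of the cross-reference from "Disabling Source/Destination Check for an ECS NIC" to "Disabling Source and Destination Check (HA Load Balancing Cluster Scenario)" while the label `vpc_vip_0008` is unchanged; writing the reference without explicit text (:ref:`vpc_vip_0008`) lets Sphinx pick up the section title automatically, so future renames do not need edits in the change history. The same applies to the four "Route Table Overview" to "Route Tables and Routes" renames further down in this file.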
@ -248,14 +290,14 @@ Change History
|
|||||||
| | Modified the following content: |
|
| | Modified the following content: |
|
||||||
| | |
|
| | |
|
||||||
| | - Modified description about **NTP Server Address** in :ref:`Modifying a Subnet <vpc_vpc_0001>`. |
|
| | - Modified description about **NTP Server Address** in :ref:`Modifying a Subnet <vpc_vpc_0001>`. |
|
||||||
| | - Modified description about replication in the "Default Route Table and Custom Route Table" part in :ref:`Route Table Overview <vpc_route01_0001>`. |
|
| | - Modified description about replication in the "Default Route Table and Custom Route Table" part in :ref:`Route Tables and Routes <vpc_route01_0001>`. |
|
||||||
| | - Modified descriptions about system routes and custom routes in :ref:`Route Table Overview <vpc_route01_0001>`. |
|
| | - Modified descriptions about system routes and custom routes in :ref:`Route Tables and Routes <vpc_route01_0001>`. |
|
||||||
| | - Modified description about usage restrictions in :ref:`Route Table Overview <vpc_route01_0001>`. |
|
| | - Modified description about usage restrictions in :ref:`Route Tables and Routes <vpc_route01_0001>`. |
|
||||||
| | |
|
| | |
|
||||||
| | Deleted the following content: |
|
| | Deleted the following content: |
|
||||||
| | |
|
| | |
|
||||||
| | - Deleted parameter **Enterprise Project** from the document. |
|
| | - Deleted parameter **Enterprise Project** from the document. |
|
||||||
| | - Deleted the Cloud Connect service from the "Default Route Table and Custom Route Table" part in :ref:`Route Table Overview <vpc_route01_0001>`. |
|
| | - Deleted the Cloud Connect service from the "Default Route Table and Custom Route Table" part in :ref:`Route Tables and Routes <vpc_route01_0001>`. |
|
||||||
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
+-----------------------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||||
| 2019-08-02 | Added the following content based on the RM-584 requirements: |
|
| 2019-08-02 | Added the following content based on the RM-584 requirements: |
|
||||||
| | |
|
| | |
|
||||||
|
@ -32,7 +32,7 @@ Procedure
|
|||||||
#. Log in to the management console.
|
#. Log in to the management console.
|
||||||
#. Click |image1| in the upper left corner and select the desired region and project.
|
#. Click |image1| in the upper left corner and select the desired region and project.
|
||||||
#. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**.
|
#. Click |image2| in the upper left corner and choose **Network** > **Elastic IP**.
|
||||||
#. On the displayed page, locate the row that contains the target EIP, and click **Unbind**.
|
#. On the displayed page, locate the row that contains the EIP, and click **Unbind**.
|
||||||
#. Click **Yes** in the displayed dialog box.
|
#. Click **Yes** in the displayed dialog box.
|
||||||
|
|
||||||
**Releasing a single EIP**
|
**Releasing a single EIP**
|
||||||
|
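Review bot: Replacing "the target EIP" with "the EIP" leaves step 4 without an antecedent, since no EIP has been named earlier in the procedure; "the EIP to be unbound" (or similar) keeps the instruction unambiguous without the "target" wording the edit is removing.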
@ -5,4 +5,4 @@
|
|||||||
What Bandwidth Types Are Available?
|
What Bandwidth Types Are Available?
|
||||||
===================================
|
===================================
|
||||||
|
|
||||||
There are dedicated bandwidth and shared bandwidth. A dedicated bandwidth can only be used by one EIP, but a shared bandwidth can be used by multiple EIPs.
|
There are dedicated bandwidths and shared bandwidths. A dedicated bandwidth can only be used by one EIP, but a shared bandwidth can be used by multiple EIPs.
|
||||||
|
@ -137,7 +137,7 @@ Incorrect Network Configuration
|
|||||||
#. Check whether security group rules of the ECSs that need to communicate allow inbound traffic from each other by referring to :ref:`Viewing the Security Group of an ECS <vpc_securitygroup_0011>`.
|
#. Check whether security group rules of the ECSs that need to communicate allow inbound traffic from each other by referring to :ref:`Viewing the Security Group of an ECS <vpc_securitygroup_0011>`.
|
||||||
|
|
||||||
- If the ECSs are associated with the same security group, you do not need to check their rules.
|
- If the ECSs are associated with the same security group, you do not need to check their rules.
|
||||||
- If the ECSs are associated with different security groups, add an inbound rule to allow access from each other by referring to :ref:`Enabling ECSs in Different Security Groups to Communicate with Each Other Through an Internal Network <en-us_topic_0081124350__section14197522283>`.
|
- If the ECSs are associated with different security groups, add an inbound rule to allow access from each other by referring to :ref:`Security Group Configuration Examples <en-us_topic_0081124350>`.
|
||||||
|
|
||||||
#. Check whether the firewall of the ECS NIC blocks traffic.
|
#. Check whether the firewall of the ECS NIC blocks traffic.
|
||||||
|
|
||||||
|
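Review bot: The reference for ECSs in different security groups now points at the whole page "Security Group Configuration Examples <en-us_topic_0081124350>" instead of the specific section anchor `en-us_topic_0081124350__section14197522283`; if that section still exists, keep the section-level anchor so the reader lands on the relevant example rather than the page top. The unchanged context line "If the ECSs are associated with the same security group, you do not need to check their rules." also deserves a qualifier: under the whitelist model this patch describes elsewhere (requests that match no allow rule are denied), same-group traffic is only passed if the group contains a rule allowing traffic from the group itself, so a custom group without such a rule would still block it.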
@ -10,14 +10,18 @@ The following table lists the private CIDR blocks that you can specify when crea
|
|||||||
- Number of IP addresses: Reserve sufficient IP addresses in case of business growth.
|
- Number of IP addresses: Reserve sufficient IP addresses in case of business growth.
|
||||||
- IP address range: Avoid IP address conflicts if you need to connect a VPC to an on-premises data center or connect two VPCs.
|
- IP address range: Avoid IP address conflicts if you need to connect a VPC to an on-premises data center or connect two VPCs.
|
||||||
|
|
||||||
The VPC service supports the following CIDR blocks:
|
:ref:`Table 1 <vpc_faq_0004__table3240172772213>` lists the supported VPC CIDR blocks.
|
||||||
|
|
||||||
+-------------------+-----------------------------+--------------------------------+
|
.. _vpc_faq_0004__table3240172772213:
|
||||||
| VPC CIDR Block | IP Address Range | Maximum Number of IP Addresses |
|
|
||||||
+===================+=============================+================================+
|
.. table:: **Table 1** VPC CIDR blocks
|
||||||
| 10.0.0.0/8-24 | 10.0.0.0-10.255.255.255 | 2^24-2=16777214 |
|
|
||||||
+-------------------+-----------------------------+--------------------------------+
|
+-------------------+-----------------------------+--------------------------------+
|
||||||
| 172.16.0.0/12-24 | 172.16.0.0-172.31.255.255 | 2^20-2=1048574 |
|
| VPC CIDR Block | IP Address Range | Maximum Number of IP Addresses |
|
||||||
+-------------------+-----------------------------+--------------------------------+
|
+===================+=============================+================================+
|
||||||
| 192.168.0.0/16-24 | 192.168.0.0-192.168.255.255 | 2^16-2=65534 |
|
| 10.0.0.0/8-24 | 10.0.0.0-10.255.255.255 | 2^24-2=16777214 |
|
||||||
+-------------------+-----------------------------+--------------------------------+
|
+-------------------+-----------------------------+--------------------------------+
|
||||||
|
| 172.16.0.0/12-24 | 172.16.0.0-172.31.255.255 | 2^20-2=1048574 |
|
||||||
|
+-------------------+-----------------------------+--------------------------------+
|
||||||
|
| 192.168.0.0/16-24 | 192.168.0.0-192.168.255.255 | 2^16-2=65534 |
|
||||||
|
+-------------------+-----------------------------+--------------------------------+
|
||||||
|
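Review bot: In the new **Table 1** the "Maximum Number of IP Addresses" values (2^24-2, 2^20-2, 2^16-2) apply only to the shortest prefix in each row (/8, /12, /16); a VPC created with the /24 end of the "10.0.0.0/8-24" range has 254 usable addresses, so the column header or a note should say these are the counts for the largest allowed block. The "/8-24" notation is also nonstandard and reads as a single prefix; "prefix length /8 to /24" would be clearer.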
@ -10,7 +10,9 @@ Scenarios
|
|||||||
|
|
||||||
A security group is a collection of access control rules to control the traffic that is allowed to reach and leave the cloud resources that it is associated with. The cloud resources can be cloud servers, containers, databases, and more. Cloud resources associated with the same security group have the same security requirements and are mutually trusted within a VPC. A security group consists of inbound and outbound rules.
|
A security group is a collection of access control rules to control the traffic that is allowed to reach and leave the cloud resources that it is associated with. The cloud resources can be cloud servers, containers, databases, and more. Cloud resources associated with the same security group have the same security requirements and are mutually trusted within a VPC. A security group consists of inbound and outbound rules.
|
||||||
|
|
||||||
When creating instances that require security groups, you are advised to allocate instances with different Internet access requirements to different security groups.
|
If your instances have different Internet access requirements, you can allocate them to different security groups when creating them.
|
||||||
|
|
||||||
|
Each ECS must be associated with at least one security group. If you do not have a security group when creating an ECS, the system provides a default security group.
|
||||||
|
|
||||||
Procedure
|
Procedure
|
||||||
---------
|
---------
|
||||||
|
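Review bot: The added sentence "If you do not have a security group when creating an ECS, the system provides a default security group." should cross-reference the section on the default security group and its rules (this patch's change history cites :ref:`Default Security Group and Its Rules <securitygroup_0003>`), because those rules decide what the new ECS exposes; a reader who relies on the default group without knowing its rules is the case this sentence should guard against.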
@ -10,13 +10,19 @@ Scenarios
|
|||||||
|
|
||||||
A security group is a collection of access control rules to control the traffic that is allowed to reach and leave the cloud resources that it is associated with. The cloud resources can be cloud servers, containers, databases, and more. Cloud resources associated with the same security group have the same security requirements and are mutually trusted within a VPC. A security group consists of inbound and outbound rules.
|
A security group is a collection of access control rules to control the traffic that is allowed to reach and leave the cloud resources that it is associated with. The cloud resources can be cloud servers, containers, databases, and more. Cloud resources associated with the same security group have the same security requirements and are mutually trusted within a VPC. A security group consists of inbound and outbound rules.
|
||||||
|
|
||||||
|
Each ECS must be associated with at least one security group. If you do not have a security group when creating an ECS, the system provides a default security group.
|
||||||
|
|
||||||
Like whitelists, security group rules work as follows:
|
Like whitelists, security group rules work as follows:
|
||||||
|
|
||||||
- Inbound rules control incoming traffic to instances in the security group. If an inbound request matches the source in an inbound security group rule with **Action** set to **Allow**, the request is allowed.
|
- Inbound rules control incoming traffic to instances in the security group.
|
||||||
|
|
||||||
|
If an inbound request matches the source in an inbound security group rule, the request is allowed and other requests are denied.
|
||||||
|
|
||||||
By default, you do not need to configure deny rules in the inbound direction because requests that do not match allow rules will be denied.
|
By default, you do not need to configure deny rules in the inbound direction because requests that do not match allow rules will be denied.
|
||||||
|
|
||||||
- Outbound rules control outgoing traffic from instances in the security group. If the destination of an outbound security group rule with **Action** set to **Allow** is 0.0.0.0/0, all outbound requests are allowed.
|
- Outbound rules control outgoing traffic from instances in the security group.
|
||||||
|
|
||||||
|
If the destination of an outbound security group rule is 0.0.0.0/0, all outbound requests are allowed.
|
||||||
|
|
||||||
0.0.0.0/0 represents all IPv4 addresses.
|
0.0.0.0/0 represents all IPv4 addresses.
|
||||||
|
|
||||||
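Review bot: The rewritten inbound bullet "If an inbound request matches the source in an inbound security group rule, the request is allowed" understates the match: the parameter table added later in this patch matches on **Protocol & Port** and **Type** as well as **Source**, so the sentence should say the request must match the protocol, port and source of a rule. Separately, now that the "**Action** set to **Allow**" wording is removed (the change history entry says content about **Action** was deleted), the unchanged line "you do not need to configure deny rules in the inbound direction" still implies deny rules exist; either keep a mention of the action or drop the reference to deny rules so the two paragraphs agree.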
@ -62,15 +68,16 @@ Procedure
|
|||||||
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Parameter | Description | Example Value |
|
| Parameter | Description | Example Value |
|
||||||
+=======================+==========================================================================================================================================================================+=======================+
|
+=======================+==========================================================================================================================================================================+=======================+
|
||||||
| Type | IPv4 | IPv4 |
|
|
||||||
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
|
||||||
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
|
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
|
||||||
| | | |
|
| | | |
|
||||||
| | Currently, the value can be **All**, **TCP**, **UDP**, or **ICMP**, or others. | |
|
| | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | |
|
||||||
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| | Destination port used to match traffic in a security group rule. The value can be from 1 to 65535. | 22, or 22-30 |
|
| | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 |
|
||||||
|
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
|
| Type | Source IP address version. You can select: | IPv4 |
|
||||||
| | | |
|
| | | |
|
||||||
| | Inbound rules control incoming traffic over specific ports to instances in the security group. | |
|
| | - IPv4 | |
|
||||||
|
| | - IPv6 | |
|
||||||
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
|
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
|
||||||
| | | |
|
| | | |
|
||||||
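Review bot: The new **Port** row ("The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535.") is stated unconditionally, but the same cell now lists **All**, **GRE** and **ICMP** as protocol values, none of which carry a port; state what the field means for those protocols (for example that it is not applicable) so a reader does not try to restrict ICMP or GRE by port. Moving **Type** below **Protocol & Port** also deserves a word in the intro, since the cell text "Source IP address version" only makes sense once the reader knows it qualifies the **Source** row that follows.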
@ -112,15 +119,16 @@ Procedure
|
|||||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Parameter | Description | Example Value |
|
| Parameter | Description | Example Value |
|
||||||
+=======================+=============================================================================================================================================================================+=======================+
|
+=======================+=============================================================================================================================================================================+=======================+
|
||||||
| Type | IPv4 | IPv4 |
|
|
||||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
|
||||||
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
|
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
|
||||||
| | | |
|
| | | |
|
||||||
| | Currently, the value can be **All**, **TCP**, **UDP**, or **ICMP**, or others. | |
|
| | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | |
|
||||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| | Destination port used to match traffic in a security group rule. The value can be from 1 to 65535. | 22, or 22-30 |
|
| | **Port**: The port or port range over which traffic can leave your ECS. The value can be from 1 to 65535. | 22, or 22-30 |
|
||||||
|
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
|
| Type | Source IP address version. You can select: | IPv4 |
|
||||||
| | | |
|
| | | |
|
||||||
| | Outbound rules control outgoing traffic over specific ports from instances in the security group. | |
|
| | - IPv4 | |
|
||||||
|
| | - IPv6 | |
|
||||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
|
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
|
||||||
| | | |
|
| | | |
|
||||||
|
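Review bot: the new **Type** row in this outbound rule table describes the field as "Source IP address version", but the address row that follows it is **Destination** and the rewritten Port row says traffic "can leave your ECS"; for an outbound rule the address being matched is the destination, so the description should read "Destination IP address version. You can select:" (or a direction-neutral "IP address version") so readers do not filter on the wrong end of the connection. A second gap in the same hunk: the **Port** row keeps "The value can be from 1 to 65535" right after **GRE** and **ICMP** were added to the protocol list, and neither of those protocols has ports; state what the field takes (or that it is not applicable) when **Protocol & Port** is **All**, **ICMP** or **GRE**.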
@ -20,26 +20,26 @@ If your ECSs do not require Internet access or need to access the Internet using
|
|||||||
|
|
||||||
.. table:: **Table 1** Configuration process description
|
.. table:: **Table 1** Configuration process description
|
||||||
|
|
||||||
+------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
+------------------------------------+--------------------------------------------------------------------------------------------------------------------------+
|
||||||
| Task | Description |
|
| Task | Description |
|
||||||
+====================================+=================================================================================================================================================================================+
|
+====================================+==========================================================================================================================+
|
||||||
| Create a VPC. | This task is mandatory. |
|
| Create a VPC. | This task is mandatory. |
|
||||||
| | |
|
| | |
|
||||||
| | After the VPC is created, you can create other required network resources in the VPC based on your service requirements. |
|
| | After the VPC is created, you can create other required network resources in the VPC based on your service requirements. |
|
||||||
+------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
+------------------------------------+--------------------------------------------------------------------------------------------------------------------------+
|
||||||
| Create another subnet for the VPC. | This task is optional. |
|
| Create another subnet for the VPC. | This task is optional. |
|
||||||
| | |
|
| | |
|
||||||
| | If the default subnet cannot meet your requirements, you can create one. |
|
| | If the default subnet cannot meet your requirements, you can create one. |
|
||||||
| | |
|
| | |
|
||||||
| | The new subnet is used to assign IP addresses to NICs added to the ECS. |
|
| | The new subnet is used to assign IP addresses to NICs added to the ECS. |
|
||||||
+------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
+------------------------------------+--------------------------------------------------------------------------------------------------------------------------+
|
||||||
| Create a security group. | This task is mandatory. |
|
| Create a security group. | This task is mandatory. |
|
||||||
| | |
|
| | |
|
||||||
| | You can create a security group and add ECSs in the VPC to the security group to improve ECS access security. |
|
| | You can create a security group and add ECSs in the VPC to the security group to improve ECS access security. |
|
||||||
| | |
|
| | |
|
||||||
| | After a security group is created, it has a default rule, which allows all outgoing data packets. ECSs in a security group can access each other without the need to add rules. |
|
| | After a security group is created, it has default rules. |
|
||||||
+------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
+------------------------------------+--------------------------------------------------------------------------------------------------------------------------+
|
||||||
| Add a security group rule. | This task is optional. |
|
| Add a security group rule. | This task is optional. |
|
||||||
| | |
|
| | |
|
||||||
| | If the default rule meets your service requirements, you do not need to add rules to the security group. |
|
| | If the default rule meets your service requirements, you do not need to add rules to the security group. |
|
||||||
+------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
+------------------------------------+--------------------------------------------------------------------------------------------------------------------------+
|
||||||
|
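Review bot: the rewritten security group row now says only "After a security group is created, it has default rules.", while the next row still says "If the default rule meets your service requirements, you do not need to add rules" (singular). Beyond the number mismatch, the removed text was the only statement of what those rules do (the old line said all outgoing packets are allowed and group members can reach each other without extra rules), so a reader can no longer judge whether the defaults are acceptable for their workload, which is exactly the decision the next row asks them to make. Either keep a one-line summary of the default inbound and outbound behaviour or add a :ref: to the page that documents the default rules, and make the two rows agree on "rule" versus "rules".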
@ -10,7 +10,9 @@ Scenarios
|
|||||||
|
|
||||||
A security group is a collection of access control rules to control the traffic that is allowed to reach and leave the cloud resources that it is associated with. The cloud resources can be cloud servers, containers, databases, and more. Cloud resources associated with the same security group have the same security requirements and are mutually trusted within a VPC. A security group consists of inbound and outbound rules.
|
A security group is a collection of access control rules to control the traffic that is allowed to reach and leave the cloud resources that it is associated with. The cloud resources can be cloud servers, containers, databases, and more. Cloud resources associated with the same security group have the same security requirements and are mutually trusted within a VPC. A security group consists of inbound and outbound rules.
|
||||||
|
|
||||||
When creating instances that require security groups, you are advised to allocate instances with different Internet access requirements to different security groups.
|
If your instances have different Internet access requirements, you can allocate them to different security groups when creating them.
|
||||||
|
|
||||||
|
Each ECS must be associated with at least one security group. If you do not have a security group when creating an ECS, the system provides a default security group.
|
||||||
|
|
||||||
Procedure
|
Procedure
|
||||||
---------
|
---------
|
||||||
|
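Review bot: the reworded sentence drops the recommendation: "you are advised to allocate instances with different Internet access requirements to different security groups" becomes "you can allocate them to different security groups". Keeping Internet-facing instances in a separate group from internal ones is the least-privilege guidance this Scenarios section exists to give, and the new phrasing reads as an optional convenience; suggest retaining "you are advised to". The added sentence about the system-provided default security group is useful, but it should say, or point to, what that default group allows, because a user who accepts it without reviewing its rules will not know what exposure they are accepting.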
@ -10,13 +10,19 @@ Scenarios
|
|||||||
|
|
||||||
A security group is a collection of access control rules to control the traffic that is allowed to reach and leave the cloud resources that it is associated with. The cloud resources can be cloud servers, containers, databases, and more. Cloud resources associated with the same security group have the same security requirements and are mutually trusted within a VPC. A security group consists of inbound and outbound rules.
|
A security group is a collection of access control rules to control the traffic that is allowed to reach and leave the cloud resources that it is associated with. The cloud resources can be cloud servers, containers, databases, and more. Cloud resources associated with the same security group have the same security requirements and are mutually trusted within a VPC. A security group consists of inbound and outbound rules.
|
||||||
|
|
||||||
|
Each ECS must be associated with at least one security group. If you do not have a security group when creating an ECS, the system provides a default security group.
|
||||||
|
|
||||||
Like whitelists, security group rules work as follows:
|
Like whitelists, security group rules work as follows:
|
||||||
|
|
||||||
- Inbound rules control incoming traffic to instances in the security group. If an inbound request matches the source in an inbound security group rule with **Action** set to **Allow**, the request is allowed.
|
- Inbound rules control incoming traffic to instances in the security group.
|
||||||
|
|
||||||
|
If an inbound request matches the source in an inbound security group rule, the request is allowed and other requests are denied.
|
||||||
|
|
||||||
By default, you do not need to configure deny rules in the inbound direction because requests that do not match allow rules will be denied.
|
By default, you do not need to configure deny rules in the inbound direction because requests that do not match allow rules will be denied.
|
||||||
|
|
||||||
- Outbound rules control outgoing traffic from instances in the security group. If the destination of an outbound security group rule with **Action** set to **Allow** is 0.0.0.0/0, all outbound requests are allowed.
|
- Outbound rules control outgoing traffic from instances in the security group.
|
||||||
|
|
||||||
|
If the destination of an outbound security group rule is 0.0.0.0/0, all outbound requests are allowed.
|
||||||
|
|
||||||
0.0.0.0/0 represents all IPv4 addresses.
|
0.0.0.0/0 represents all IPv4 addresses.
|
||||||
|
|
||||||
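Review bot: the rewritten inbound bullet says "If an inbound request matches the source in an inbound security group rule, the request is allowed", dropping the old condition "with **Action** set to **Allow**". The retained sentence a few lines down still talks about configuring deny rules, so rules evidently carry an action and a request matching a deny rule is not allowed; the condition should stay ("matches an inbound rule whose **Action** is **Allow**"). Matching is also not on source alone: the rule tables in this same change list **Protocol & Port** and **Type** as match criteria, so "matches the source, protocol and port" is more accurate. The outbound bullet has the same problem in sharper form: "If the destination of an outbound security group rule is 0.0.0.0/0, all outbound requests are allowed" holds only when that rule also has **Protocol & Port** set to **All** and **Action** set to **Allow**; as written it suggests that a single 0.0.0.0/0 rule for, say, TCP port 443 opens all outbound traffic.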
@ -62,15 +68,16 @@ Procedure
|
|||||||
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Parameter | Description | Example Value |
|
| Parameter | Description | Example Value |
|
||||||
+=======================+==========================================================================================================================================================================+=======================+
|
+=======================+==========================================================================================================================================================================+=======================+
|
||||||
| Type | IPv4 | IPv4 |
|
|
||||||
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
|
||||||
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
|
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
|
||||||
| | | |
|
| | | |
|
||||||
| | Currently, the value can be **All**, **TCP**, **UDP**, or **ICMP**, or others. | |
|
| | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | |
|
||||||
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| | Destination port used to match traffic in a security group rule. The value can be from 1 to 65535. | 22, or 22-30 |
|
| | **Port**: The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535. | 22, or 22-30 |
|
||||||
|
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
|
| Type | Source IP address version. You can select: | IPv4 |
|
||||||
| | | |
|
| | | |
|
||||||
| | Inbound rules control incoming traffic over specific ports to instances in the security group. | |
|
| | - IPv4 | |
|
||||||
|
| | - IPv6 | |
|
||||||
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+-----------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
|
| Source | Source of the security group rule. The value can be an IP address or a security group to allow access from IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
|
||||||
| | | |
|
| | | |
|
||||||
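Review bot: the new **Port** row in this inbound table describes "The port or port range over which traffic can reach your ECS. The value can be from 1 to 65535", but the same hunk adds **GRE** to the protocol list alongside **ICMP**, and neither is port-based; state what the field takes (or that it is ignored) when **Protocol & Port** is **All**, **ICMP** or **GRE**, otherwise the 1 to 65535 constraint reads as mandatory for every rule. Minor: the example value "22, or 22-30" looks like an input syntax; confirm whether a comma-separated list is accepted and, if not, show "22" and "22-30" as two separate examples.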
@ -112,15 +119,16 @@ Procedure
|
|||||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Parameter | Description | Example Value |
|
| Parameter | Description | Example Value |
|
||||||
+=======================+=============================================================================================================================================================================+=======================+
|
+=======================+=============================================================================================================================================================================+=======================+
|
||||||
| Type | IPv4 | IPv4 |
|
|
||||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
|
||||||
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
|
| Protocol & Port | The network protocol used to match traffic in a security group rule. | TCP |
|
||||||
| | | |
|
| | | |
|
||||||
| | Currently, the value can be **All**, **TCP**, **UDP**, or **ICMP**, or others. | |
|
| | Currently, the value can be **All**, **TCP**, **UDP**, **GRE**, **ICMP**, or more. | |
|
||||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| | Destination port used to match traffic in a security group rule. The value can be from 1 to 65535. | 22, or 22-30 |
|
| | **Port**: The port or port range over which traffic can leave your ECS. The value can be from 1 to 65535. | 22, or 22-30 |
|
||||||
|
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
|
| Type | Source IP address version. You can select: | IPv4 |
|
||||||
| | | |
|
| | | |
|
||||||
| | Outbound rules control outgoing traffic over specific ports from instances in the security group. | |
|
| | - IPv4 | |
|
||||||
|
| | - IPv6 | |
|
||||||
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
+-----------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------+-----------------------+
|
||||||
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
|
| Destination | Destination of the security group rule. The value can be an IP address or a security group to allow access to IP addresses or instances in the security group. For example: | 0.0.0.0/0 |
|
||||||
| | | |
|
| | | |
|
||||||
|
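Review bot: same issue as in the other outbound rule table in this change: the new **Type** row says "Source IP address version" in a table whose address row is **Destination** and whose Port row says traffic "can leave your ECS"; it should read "Destination IP address version" (or a direction-neutral wording). The **Port** row likewise keeps "The value can be from 1 to 65535" after **GRE** and **ICMP** were added to the protocol list; say what to enter, or that the field does not apply, for protocols without ports.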
@ -9,5 +9,4 @@ A VPC provides an isolated virtual network for ECSs. You can configure and manag
|
|||||||
|
|
||||||
- If any of your ECSs, for example, ECSs that function as the database of server nodes for website deployment, do not need to access the Internet or need to access the Internet specific IP addresses on the default network with limited bandwidth, you can configure a VPC for the ECSs by following the instructions described in :ref:`Configuring a VPC for ECSs That Do Not Require Internet Access <vpc_qs_0003>`.
|
- If any of your ECSs, for example, ECSs that function as the database of server nodes for website deployment, do not need to access the Internet or need to access the Internet specific IP addresses on the default network with limited bandwidth, you can configure a VPC for the ECSs by following the instructions described in :ref:`Configuring a VPC for ECSs That Do Not Require Internet Access <vpc_qs_0003>`.
|
||||||
- If your ECSs need to access the Internet, you can configure EIPs for them. For example, the ECSs functioning as the service nodes for deploying a website need to be accessed by users over the Internet. Then, you can configure a VPC for these ECSs by following the instructions provided in :ref:`Configuring a VPC for ECSs That Access the Internet Using EIPs <en-us_topic_0017816228>`.
|
- If your ECSs need to access the Internet, you can configure EIPs for them. For example, the ECSs functioning as the service nodes for deploying a website need to be accessed by users over the Internet. Then, you can configure a VPC for these ECSs by following the instructions provided in :ref:`Configuring a VPC for ECSs That Access the Internet Using EIPs <en-us_topic_0017816228>`.
|
||||||
- If your ECSs need to access the Internet, you can configure EIPs for them. For example, the ECSs functioning as the service nodes for deploying a website need to be accessed by users over the Internet. For details, see :ref:`Configuring a VPC for ECSs That Access the Internet Using EIPs <en-us_topic_0017816228>`.
|
|
||||||
- When you need to access the IPv6 services on the Internet or provide services accessible from users using an IPv6 client, you need to enable the IPv6 function. After the IPv6 function is enabled, you can provide services for users using an IPv4 or IPv6 client.
|
- When you need to access the IPv6 services on the Internet or provide services accessible from users using an IPv6 client, you need to enable the IPv6 function. After the IPv6 function is enabled, you can provide services for users using an IPv4 or IPv6 client.
|
||||||
|
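Review bot: since the second bullet is being reworded to "For details, see ...", the unchanged first bullet in the same region deserves the same pass: "do not need to access the Internet or need to access the Internet specific IP addresses on the default network with limited bandwidth" is missing a word and is hard to parse; clarify whether it means "need to access only specific Internet IP addresses over the default network with limited bandwidth". The IPv6 bullet's "services accessible from users using an IPv6 client" could likewise become "services that users can reach from an IPv6 client".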
@ -41,3 +41,4 @@ Process Flow
|
|||||||
In the authorized region, perform the following operations:
|
In the authorized region, perform the following operations:
|
||||||
|
|
||||||
- Choose **Service List** > **Virtual Private Cloud**. Then click **Create VPC** on the VPC console. If a message appears indicating that you have insufficient permissions to perform the operation, the **VPCReadOnlyAccess** policy is in effect.
|
- Choose **Service List** > **Virtual Private Cloud**. Then click **Create VPC** on the VPC console. If a message appears indicating that you have insufficient permissions to perform the operation, the **VPCReadOnlyAccess** policy is in effect.
|
||||||
|
- Choose another service from **Service List**. If a message appears indicating that you have insufficient permissions to access the service, the **VPCReadOnlyAccess** policy is in effect.
|
||||||
|
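Review bot: the added bullet's conclusion does not follow from its test: being refused access to some other service shows that the user holds no policy granting that service, not that **VPCReadOnlyAccess** is in effect. As worded it would also pass for a user with no policies at all, and the same is true of the existing **Create VPC** check, which only confirms that a write is denied. Reword the new bullet to "only the **VPCReadOnlyAccess** policy is attached" (which is what the check actually verifies), and add a positive step, for example opening the VPC list and confirming it loads, so the procedure proves both that reads are allowed and that writes and other services are denied.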
@ -10,6 +10,11 @@ Scenarios
|
|||||||
|
|
||||||
Each route table contains a default system route, which indicates that ECSs in a VPC can communicate with each other. You can also add custom routes as required to forward the traffic destined for the destination to the specified next hop.
|
Each route table contains a default system route, which indicates that ECSs in a VPC can communicate with each other. You can also add custom routes as required to forward the traffic destined for the destination to the specified next hop.
|
||||||
|
|
||||||
|
Notes and Constraints
|
||||||
|
---------------------
|
||||||
|
|
||||||
|
A maximum of 200 routes can be added to each route table.
|
||||||
|
|
||||||
Procedure
|
Procedure
|
||||||
---------
|
---------
|
||||||
|
|
||||||
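Review bot: the new constraint "A maximum of 200 routes can be added to each route table" should say whether the limit counts the default system route described in the Scenarios paragraph above it or only custom routes; the paragraph distinguishes the two, and a reader planning a table near the limit needs to know which number applies.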
@ -48,7 +53,7 @@ Procedure
|
|||||||
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+
|
+-----------------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------+------------------------+
|
||||||
| Next Hop Type | Mandatory | VPC peering connection |
|
| Next Hop Type | Mandatory | VPC peering connection |
|
||||||
| | | |
|
| | | |
|
||||||
| | Set the type of the next hop. For details about the supported resource types, see :ref:`Table 1 <vpc_route01_0001__table1727714140542>`. | |
|
| | Set the type of the next hop. | |
|
||||||
| | | |
|
| | | |
|
||||||
| | .. note:: | |
|
| | .. note:: | |
|
||||||
| | | |
|
| | | |
|
||||||
|
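Review bot: removing "For details about the supported resource types, see :ref:`Table 1 <vpc_route01_0001__table1727714140542>`" leaves the **Next Hop Type** description as just "Set the type of the next hop." with nothing telling the reader which types exist; the example value "VPC peering connection" is the only hint left. If the referenced table was removed or its label changed, point to wherever the supported next hop types are now listed; if it still exists, keep the :ref:.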
@ -69,7 +69,7 @@ Procedure
|
|||||||
|
|
||||||
**cat /proc/sys/net/ipv4/ip_forward**
|
**cat /proc/sys/net/ipv4/ip_forward**
|
||||||
|
|
||||||
In the command output, **1** indicates it is enabled, and **0** indicates it is disabled. The default value is **0**.
|
In the command output, **1** indicates that IP forwarding is enabled, and **0** indicates that IP forwarding is disabled. The default value is **0**.
|
||||||
|
|
||||||
- If IP forwarding in Linux is enabled, go to step :ref:`14 <vpc_route_0004__en-us_topic_0212076959_li2168883919851>`.
|
- If IP forwarding in Linux is enabled, go to step :ref:`14 <vpc_route_0004__en-us_topic_0212076959_li2168883919851>`.
|
||||||
- If IP forwarding in Linux is disabled, go to :ref:`12 <vpc_route_0004__en-us_topic_0212076959_li3948189019612>` to enable IP forwarding in Linux.
|
- If IP forwarding in Linux is disabled, go to :ref:`12 <vpc_route_0004__en-us_topic_0212076959_li3948189019612>` to enable IP forwarding in Linux.
|
||||||
|
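Review bot: the clarified sentence about the **cat /proc/sys/net/ipv4/ip_forward** output is an improvement; one thing worth adding in the same region is that this file shows only the running value, so if step 12 enables forwarding by writing to it or with a non-persistent sysctl, this check passes until the next reboot and then fails. Either have step 12 make the setting persistent as well, or tell the reader to repeat this check after a reboot. It is also worth saying that forwarding should be enabled only on the ECS that serves as the next hop, since it turns that host into a relay for traffic it receives.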