Step 5: Add a Security Group Rule

Scenarios

After you create a security group, you can add rules to the security group. A rule applies either to inbound traffic or outbound traffic. After you add cloud resources to the security group, they are protected by the rules of the group.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner and select the desired region and project.
  3. On the console homepage, under Network, click Virtual Private Cloud.
  4. In the navigation pane on the left, choose Access Control > Security Groups.
  5. On the Security Groups page, locate the target security group and click Manage Rule in the Operation column to switch to the page for managing inbound and outbound rules.
  6. On the Inbound Rules tab, click Add Rule. In the displayed dialog box, set required parameters.

    You can click + to add more inbound rules.

    Table 1 Inbound rule parameter description

    Parameter

    Description

    Example Value

    Protocol & Port

    Protocol: The network protocol. Currently, the value can be All, TCP, UDP, ICMP, GRE, or others.

    Custom TC

    Port: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535.

    22, or 22-30

    Source
    The source of the security group rule. The value can be a single IP address or a security group to allow access from the IP address or instances in the security group. For example:
    • xxx.xxx.xxx.xxx/32 (IPv4 address)
    • xxx.xxx.xxx.0/24 (IPv4 address range)
    • 0.0.0.0/0 (all IPv4 addresses)
    • sg-abc (security group)

    0.0.0.0/0

    Description

    Supplementary information about the security group rule. This parameter is optional.

    The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >).

    -
  7. On the Outbound Rules tab, click Add Rule. In the displayed dialog box, set required parameters.

    You can click + to add more outbound rules.

    Table 2 Outbound rule parameter description

    Parameter

    Description

    Example Value

    Protocol & Port

    Protocol: The network protocol. Currently, the value can be All, TCP, UDP, ICMP, GRE, or others.

    Custom TCP

    Port: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535.

    22, or 22-30

    Destination
    The destination of the security group rule. The value can be a single IP address or a security group to allow access to the IP address or instances in the security group. For example:
    • xxx.xxx.xxx.xxx/32 (IPv4 address)
    • xxx.xxx.xxx.0/24 (IPv4 address range)
    • 0.0.0.0/0 (all IPv4 addresses)
    • sg-abc (security group)

    For more information, see Virtual Private Cloud User Guide.

    0.0.0.0/0

    Description

    Supplementary information about the security group rule. This parameter is optional.

    The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >).

    -
  8. Click OK.
Parent topic: Quick Start