Reviewed-by: gtema <artem.goncharov@gmail.com> Co-authored-by: Qin Ying, Fan <fanqinying@huawei.com> Co-committed-by: Qin Ying, Fan <fanqinying@huawei.com>
Step 5: Add a Security Group Rule
Scenarios
After you create a security group, you can add rules to the security group. A rule applies either to inbound traffic or outbound traffic. After you add cloud resources to the security group, they are protected by the rules of the group.
- Inbound rules control incoming traffic to cloud resources in the security group.
- Outbound rules control outgoing traffic from cloud resources in the security group.
Procedure
- Log in to the management console.
- Click the icon in the upper left corner and select the desired region and project.
- On the console homepage, under Network, click Virtual Private Cloud.
- In the navigation pane on the left, choose Access Control > Security Groups.
- On the Security Groups page, locate the target security group and click Manage Rule in the Operation column to switch to the page for managing inbound and outbound rules.
- On the Inbound Rules tab, click Add Rule. In the displayed dialog box, set the required parameters.
You can click + to add more inbound rules.
Table 1 Inbound rule parameter description

| Parameter | Description | Example Value |
|---|---|---|
| Protocol & Port | Protocol: The network protocol. Currently, the value can be All, TCP, UDP, ICMP, GRE, or others. | Custom TCP |
| | Port: The port or port range over which the traffic can reach your ECS. The value ranges from 1 to 65535. | 22, or 22-30 |
| Source | The source of the security group rule. The value can be a single IP address or a security group to allow access from the IP address or instances in the security group. For example: xxx.xxx.xxx.xxx/32 (IPv4 address); xxx.xxx.xxx.0/24 (IPv4 address range); 0.0.0.0/0 (all IPv4 addresses); sg-abc (security group) | 0.0.0.0/0 |
| Description | Supplementary information about the security group rule. This parameter is optional. The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | - |

- On the Outbound Rules tab, click Add Rule. In the displayed dialog box, set the required parameters.
You can click + to add more outbound rules.
Table 2 Outbound rule parameter description

| Parameter | Description | Example Value |
|---|---|---|
| Protocol & Port | Protocol: The network protocol. Currently, the value can be All, TCP, UDP, ICMP, GRE, or others. | Custom TCP |
| | Port: The port or port range over which the traffic can leave your ECS. The value ranges from 1 to 65535. | 22, or 22-30 |
| Destination | The destination of the security group rule. The value can be a single IP address or a security group to allow access to the IP address or instances in the security group. For example: xxx.xxx.xxx.xxx/32 (IPv4 address); xxx.xxx.xxx.0/24 (IPv4 address range); 0.0.0.0/0 (all IPv4 addresses); sg-abc (security group). For more information, see Virtual Private Cloud User Guide. | 0.0.0.0/0 |
| Description | Supplementary information about the security group rule. This parameter is optional. The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >). | - |

- Click OK.
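
The constraints in Table 1 and Table 2 can be checked before a rule is entered in the console. The following is an added example, not part of the original guide: it validates the port, source/destination and description fields and flags inbound rules whose source is 0.0.0.0/0, which admits every IPv4 address to the listed port. The dictionary key names, the `sg-` prefix test (taken from the page's `sg-abc` notation) and the sample rules are assumptions.

```python
import ipaddress
import re

PORT_RE = re.compile(r"^(\d+)(?:-(\d+))?$")  # "22" or "22-30"


def check_rule(rule):
    """Return findings for one rule; key names are assumptions ("peer" = Source/Destination)."""
    findings = []
    port = str(rule.get("port", ""))
    if port:
        m = PORT_RE.match(port)
        lo, hi = (int(m.group(1)), int(m.group(2) or m.group(1))) if m else (0, 0)
        if not 1 <= lo <= hi <= 65535:
            findings.append("error: port must be N or N-M within 1-65535")
    peer = rule.get("peer", "")
    if not peer.startswith("sg-"):  # assumption: group IDs look like the page's sg-abc
        try:
            net = ipaddress.ip_network(peer, strict=False)
        except ValueError:
            findings.append("error: peer is neither a CIDR nor a security group")
        else:
            # A /0 source on an inbound rule admits every address.
            if net.prefixlen == 0 and rule.get("direction") == "inbound":
                findings.append("warn: inbound rule open to all addresses")
    desc = rule.get("description", "")
    if len(desc) > 255 or "<" in desc or ">" in desc:
        findings.append("error: description over 255 chars or contains < or >")
    return findings


def audit(rules):
    """Map rule index -> findings, skipping rules with none."""
    return {i: f for i, r in enumerate(rules) if (f := check_rule(r))}


# Constructed sample rules, not taken from any real security group.
SAMPLE_RULES = [
    {"direction": "inbound", "protocol": "TCP", "port": "22", "peer": "0.0.0.0/0", "description": "SSH"},
    {"direction": "inbound", "protocol": "TCP", "port": "22-30", "peer": "192.0.2.0/24", "description": "admin"},
    {"direction": "outbound", "protocol": "TCP", "port": "70000", "peer": "0.0.0.0/0", "description": "<all>"},
    {"direction": "inbound", "protocol": "TCP", "port": "443", "peer": "sg-abc", "description": ""},
]

if __name__ == "__main__":
    for index, findings in audit(SAMPLE_RULES).items():
        print(index, findings)
```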