
Security Group Rules

  1. Load the environment variables for the demo user.
    [root@controller ~]# . demo.token
    
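  2. By default, the firewall of the "default" security group does not allow remote access to instances, so an ICMP (ping) rule will be added. First list the security groups.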
    [root@controller ~]# openstack security group list
    +--------------------------------------+---------+------------------------+----------------------------------+
    | ID                                   | Name    | Description            | Project                          |
    +--------------------------------------+---------+------------------------+----------------------------------+
    | 1f149288-87c2-43b5-a3b3-89eb153c9249 | default | Default security group | 92d1ec3e04384ad599c1a8f5aed73663 |
    +--------------------------------------+---------+------------------------+----------------------------------+
    
  3. Add a rule allowing ICMP (ping) to the "default" security group firewall.
    [root@controller ~]# openstack security group rule create --proto icmp default
    +-------------------+--------------------------------------+
    | Field             | Value                                |
    +-------------------+--------------------------------------+
    | created_at        | 2018-05-26T09:44:27Z                 |
    | description       |                                      |
    | direction         | ingress                              |
    | ether_type        | IPv4                                 |
    | id                | 0e52cde4-637b-4c35-be1e-cc1b4a1c0518 |
    | name              | None                                 |
    | port_range_max    | None                                 |
    | port_range_min    | None                                 |
    | project_id        | 92d1ec3e04384ad599c1a8f5aed73663     |
    | protocol          | icmp                                 |
    | remote_group_id   | None                                 |
    | remote_ip_prefix  | 0.0.0.0/0                            |
    | revision_number   | 0                                    |
    | security_group_id | 1f149288-87c2-43b5-a3b3-89eb153c9249 |
    | updated_at        | 2018-05-26T09:44:27Z                 |
    +-------------------+--------------------------------------+
    
  4. Add a rule allowing SSH to the "default" security group firewall.
    [root@controller ~]# openstack security group rule create --proto tcp --dst-port 22 default
    +-------------------+--------------------------------------+
    | Field             | Value                                |
    +-------------------+--------------------------------------+
    | created_at        | 2018-05-26T09:45:17Z                 |
    | description       |                                      |
    | direction         | ingress                              |
    | ether_type        | IPv4                                 |
    | id                | bc34846d-4398-4c7c-a250-33d37f363242 |
    | name              | None                                 |
    | port_range_max    | 22                                   |
    | port_range_min    | 22                                   |
    | project_id        | 92d1ec3e04384ad599c1a8f5aed73663     |
    | protocol          | tcp                                  |
    | remote_group_id   | None                                 |
    | remote_ip_prefix  | 0.0.0.0/0                            |
    | revision_number   | 0                                    |
    | security_group_id | 1f149288-87c2-43b5-a3b3-89eb153c9249 |
    | updated_at        | 2018-05-26T09:45:17Z                 |
    +-------------------+--------------------------------------+
    
  5. Show the "default" security group; its firewall now includes the rules allowing ICMP and SSH.
    [root@controller ~]# openstack security group show default
    +-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | Field           | Value                                                                                                                                                                                                                                          |
    +-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
    | created_at      | 2018-05-25T11:36:54Z                                                                                                                                                                                                                           |
    | description     | Default security group                                                                                                                                                                                                                         |
    | id              | 1f149288-87c2-43b5-a3b3-89eb153c9249                                                                                                                                                                                                           |
    | name            | default                                                                                                                                                                                                                                        |
    | project_id      | 92d1ec3e04384ad599c1a8f5aed73663                                                                                                                                                                                                               |
    | revision_number | 6                                                                                                                                                                                                                                              |
    | rules           | created_at='2018-05-26T09:44:27Z', direction='ingress', ethertype='IPv4', id='0e52cde4-637b-4c35-be1e-cc1b4a1c0518', protocol='icmp', remote_ip_prefix='0.0.0.0/0', updated_at='2018-05-26T09:44:27Z'                                          |
    |                 | created_at='2018-05-25T11:36:54Z', direction='egress', ethertype='IPv4', id='83bd79ae-99a7-4291-8dde-835bbb8233cd', updated_at='2018-05-25T11:36:54Z'                                                                                          |
    |                 | created_at='2018-05-25T11:36:54Z', direction='ingress', ethertype='IPv4', id='987bfd05-3b42-4ae7-a50e-58bb8ec7c6a1', remote_group_id='1f149288-87c2-43b5-a3b3-89eb153c9249', updated_at='2018-05-25T11:36:54Z'                                 |
    |                 | created_at='2018-05-25T11:36:54Z', direction='egress', ethertype='IPv6', id='b84190e5-a903-4961-91ee-d08eeb797d6a', updated_at='2018-05-25T11:36:54Z'                                                                                          |
    |                 | created_at='2018-05-26T09:45:17Z', direction='ingress', ethertype='IPv4', id='bc34846d-4398-4c7c-a250-33d37f363242', port_range_max='22', port_range_min='22', protocol='tcp', remote_ip_prefix='0.0.0.0/0', updated_at='2018-05-26T09:45:17Z' |
    |                 | created_at='2018-05-25T11:36:54Z', direction='ingress', ethertype='IPv6', id='fc9d2544-23ac-4d18-b4c0-b6dc1f197d08', remote_group_id='1f149288-87c2-43b5-a3b3-89eb153c9249', updated_at='2018-05-25T11:36:54Z'                                 |
    | updated_at      | 2018-05-26T09:45:17Z                                                                                                                                                                                                                           |
    +-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
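
The rules created in steps 3 and 4 have remote_ip_prefix 0.0.0.0/0, so ICMP and SSH are accepted from any source address. The following added example (not part of the original page) parses rule lines in the format shown in step 5, lists such ingress rules, and prints replacement commands limited to a trusted range. The function names and the 203.0.113.0/24 range are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Reads the key='value' rule lines
# that `openstack security group show` prints and reports ingress rules that
# any source address can reach, then prints narrower replacements to review.

# Constructed sample: three rule lines copied from the step 5 output.
sample_rules() {
cat <<'EOF'
created_at='2018-05-26T09:44:27Z', direction='ingress', ethertype='IPv4', id='0e52cde4-637b-4c35-be1e-cc1b4a1c0518', protocol='icmp', remote_ip_prefix='0.0.0.0/0', updated_at='2018-05-26T09:44:27Z'
created_at='2018-05-25T11:36:54Z', direction='ingress', ethertype='IPv4', id='987bfd05-3b42-4ae7-a50e-58bb8ec7c6a1', remote_group_id='1f149288-87c2-43b5-a3b3-89eb153c9249', updated_at='2018-05-25T11:36:54Z'
created_at='2018-05-26T09:45:17Z', direction='ingress', ethertype='IPv4', id='bc34846d-4398-4c7c-a250-33d37f363242', port_range_max='22', port_range_min='22', protocol='tcp', remote_ip_prefix='0.0.0.0/0', updated_at='2018-05-26T09:45:17Z'
EOF
}

# stdin: rule lines -> "<id> <ethertype> <protocol> <port|any>" per open rule
world_open_ingress() {
  awk -v q="'" '{
    split("", f)                                  # reset the field map
    n = split($0, kv, /, */)
    for (i = 1; i <= n; i++)
      if (match(kv[i], /[a-z_]+=/)) {
        key = substr(kv[i], RSTART, RLENGTH - 1)
        val = substr(kv[i], RSTART + RLENGTH)
        gsub(q, "", val); sub(/[ |]+$/, "", val)  # drop quotes, table border
        f[key] = val
      }
    if (f["direction"] != "ingress") next
    if (f["remote_ip_prefix"] != "0.0.0.0/0" && f["remote_ip_prefix"] != "::/0") next
    lo = f["port_range_min"]; hi = f["port_range_max"]
    port = (lo == "") ? "any" : ((lo == hi) ? lo : lo ":" hi)
    proto = (f["protocol"] == "") ? "any" : f["protocol"]
    print f["id"], f["ethertype"], proto, port
  }'
}

# $1 = trusted IPv4 CIDR, $2 = group name; stdin: rule lines
tighten_plan() {
  world_open_ingress | while read -r id ether proto port; do
    [ "$ether" = "IPv4" ] || { echo "# $id: $ether rule, needs its own CIDR"; continue; }
    opts="--protocol $proto"
    [ "$port" = "any" ] || opts="$opts --dst-port $port"
    # Create the narrow rule first so access is never lost, then drop the wide one.
    echo "openstack security group rule create $opts --remote-ip $1 $2"
    echo "openstack security group rule delete $id"
  done
}

# 203.0.113.0/24 is a documentation range standing in for a management network.
sample_rules | tighten_plan 203.0.113.0/24 default
```

The script only prints commands; nothing is changed until an operator reviews and runs them with the demo credentials loaded as in step 1.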
    



2018-09-19