
Creating Security Group Rules

Function Description

This interface is used to create a security group rule.

URI

  • URI format

    POST /v2/{tenant_id}/os-security-group-rules

    POST /v2.1/{tenant_id}/os-security-group-rules

  • Parameter description

    | Parameter | Mandatory | Description |
    |-----------|-----------|-------------|
    | tenant_id | Yes | Specifies the tenant or project ID. |

Restrictions

This interface becomes invalid from microversion 2.36. From that version onward, the system returns error 404 when you invoke this interface.

You are advised to use the desired network interface. For details, see section "Security Group (Native OpenStack API) > Creating a Security Group Rule" in Virtual Private Network API Reference.

Request

| Parameter | Type | Mandatory | Description |
|-----------|------|-----------|-------------|
| security_group_rule | Dict | Yes | Specifies the security group rule, which is configured in the message body. For details, see Table 1. |

Table 1 Objects of request parameter security_group_rule

| Parameter | Type | Mandatory | Description |
|-----------|------|-----------|-------------|
| parent_group_id | String | Yes | Specifies the associated security group ID in UUID format. |
| ip_protocol | String | Yes | Specifies the IP protocol, which can be icmp, tcp, or udp. |
| from_port | Int | Yes | Specifies the start port. The value ranges from 1 to 65,535 and is no greater than the value of to_port. If the value of ip_protocol is icmp, this parameter specifies the ICMP type. The value ranges from 0 to 255. |
| to_port | Int | Yes | Specifies the end port. The value ranges from 1 to 65535 and cannot be less than from_port. If ip_protocol is icmp, this parameter specifies the ICMP code. The value ranges from 0 to 255. If both from_port and to_port are -1, any ICMP packet can be transmitted. |
| cidr | String | No | Specifies the IP address range. The address is in CIDR format, such as 192.168.0.0/24. |
| group_id | String | No | Specifies the source security group ID. If both group_id and cidr are set, group_id prevails. |

Response

| Parameter | Type | Mandatory | Description |
|-----------|------|-----------|-------------|
| security_group_rule | Dict | Yes | Specifies the security group rule, which is configured in the message body. For details, see Table 2. |

Table 2 Objects of response parameter security_group_rule

| Parameter | Type | Mandatory | Description |
|-----------|------|-----------|-------------|
| parent_group_id | String | Yes | Specifies the associated security group ID in UUID format. |
| ip_protocol | String | Yes | Specifies the IP protocol, which can be icmp, tcp, or udp. |
| from_port | Int | Yes | Specifies the start port number. The value ranges from 1 to 65,535 and cannot be greater than to_port. When the protocol type is set to ICMP, from_port is the ICMP type and ranges from 0 to 255. |
| to_port | Int | Yes | Specifies the end port number. The value ranges from 1 to 65535. When the protocol type is set to ICMP, to_port is the ICMP code and ranges from 0 to 255. If both from_port and to_port are -1, it indicates that any ICMP packet can be transmitted. |
| ip_range | Dict(ip_range) | Yes | Specifies the IP address range, including the CIDR information, such as "ip_range": {"cidr": "0.0.0.0/0"}. For details, see the ip_range object. |
| group | Dict | Yes | Nothing is returned. |
| id | String | Yes | Specifies the security group rule ID in UUID format. |

Table 3 ip_range objects

| Parameter | Type | Mandatory | Description |
|-----------|------|-----------|-------------|
| cidr | String | Yes | Specifies the IP address range. The address is in CIDR format, such as 192.168.0.0/24. |

Request Example

    {
        "security_group_rule": {
            "from_port": "443",
            "ip_protocol": "tcp",
            "to_port": "443",
            "cidr": "0.0.0.0/0",
            "parent_group_id": "48700ff3-30b8-4e63-845f-a79c9633e9fb"
        }
    }
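
As an added example (not part of the original reference and not the service's own code), the following Python function checks a security_group_rule body against the Table 1 constraints before it is sent, and warns when the rule admits every source address, as the request example's 0.0.0.0/0 does. The name validate_rule and the message texts are assumptions; server-side validation may differ.

```python
import ipaddress
import uuid

PROTOCOLS = ("icmp", "tcp", "udp")

def validate_rule(rule):
    """Check a security_group_rule dict against Table 1; return (errors, warnings)."""
    errors, warnings = [], []
    for key in ("parent_group_id", "ip_protocol", "from_port", "to_port"):
        if key not in rule:
            errors.append(f"missing mandatory parameter: {key}")
    if errors:
        return errors, warnings
    try:
        uuid.UUID(rule["parent_group_id"])
    except (ValueError, TypeError, AttributeError):
        errors.append("parent_group_id is not a UUID")
    proto = rule["ip_protocol"]
    if proto not in PROTOCOLS:
        errors.append("ip_protocol must be icmp, tcp, or udp")
    try:
        lo, hi = int(rule["from_port"]), int(rule["to_port"])
    except (ValueError, TypeError):
        return errors + ["from_port and to_port must be integers"], warnings
    # For icmp the two fields carry the ICMP type and code, not ports.
    if proto == "icmp":
        if (lo, hi) == (-1, -1):
            warnings.append("any ICMP packet is allowed")
        elif not (0 <= lo <= 255 and 0 <= hi <= 255):
            errors.append("ICMP type and code must be 0 to 255")
    elif not (1 <= lo <= hi <= 65535):
        errors.append("ports must satisfy 1 <= from_port <= to_port <= 65535")
    # Table 1: if both group_id and cidr are set, group_id prevails.
    group_id, cidr = rule.get("group_id"), rule.get("cidr")
    if group_id and cidr:
        warnings.append("cidr ignored: group_id prevails")
    elif cidr:
        try:
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:
                warnings.append("source is open to all addresses")
        except ValueError:
            errors.append("cidr is not valid CIDR notation")
    return errors, warnings

# Constructed sample: the inner object of the request example on this page.
SAMPLE = {"parent_group_id": "48700ff3-30b8-4e63-845f-a79c9633e9fb", "cidr": "0.0.0.0/0",
          "ip_protocol": "tcp", "from_port": "443", "to_port": "443"}
print(validate_rule(SAMPLE))
```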

Response Example

    {
        "security_group_rule": {
            "id": "F4966B29-D21D-B211-B6B4-0018E1C5D866",
            "ip_range": {
                "cidr": "0.0.0.0/0"
            },
            "parent_group_id": "48700ff3-30b8-4e63-845f-a79c9633e9fb",
            "to_port": 443,
            "ip_protocol": "tcp",
            "group": {},
            "from_port": 443
        }
    }

Returned Values

See General Request Returned Values.