Security Group

A security group is a virtual firewall that performs stateful inspection and filters data packets. It is an important network isolation method used to set access control for ECSs, BMSs, load balancers, and database instances.

You can configure security group rules to allow instances in a security group to access the public or private network.

  • A security group is a logical group. You can add BMSs with the same security protection requirements in a region to the same security group.
  • By default, BMSs in a security group can communicate with each other through an internal network, and BMSs in different security groups cannot.
  • You can modify a security group rule at any time, and the modification takes effect immediately.

Default Security Group

When you create a BMS in a region, the system will create a default security group if no security group has been created in the region.

The default security group rule allows all outgoing data packets and controls incoming data packets. BMSs in a security group can access each other without requiring any access rule.

Figure 1 Default security group

Table 1 lists the rules for a default security group.

Table 1 Default security group rules

| Direction | Protocol | Port Range | Source/Destination | Description |
|-----------|----------|------------|--------------------|-------------|
| Outbound | All | All | Destination: 0.0.0.0/0 | Allow all outbound traffic. |
| Inbound | All | All | Source: current security group ID (for example, sg-xxxxx) | Allow inbound traffic from BMSs added to the same security group. |
| Inbound | TCP | 22 | Source: 0.0.0.0/0 | Allows all IP addresses to access Linux BMSs over SSH. |
| Inbound | TCP | 3389 | Source: 0.0.0.0/0 | Allows all IP addresses to access Linux BMSs over RDP. |
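
The following added example (not code from this guide or from the cloud provider) models the four rules in Table 1 as data, evaluates sample traffic against them, and reports the inbound rules that are open to any source. The rule field names are assumptions made for the example, and it assumes that traffic matching no rule is dropped.

```python
import ipaddress

# Table 1 as data. The field names are assumptions for this example,
# not the cloud API's schema; "sg-xxxxx" is the page's placeholder ID.
DEFAULT_RULES = [
    {"direction": "outbound", "protocol": "all", "ports": None, "peer": "0.0.0.0/0"},
    {"direction": "inbound", "protocol": "all", "ports": None, "peer": "sg-xxxxx"},
    {"direction": "inbound", "protocol": "tcp", "ports": (22, 22), "peer": "0.0.0.0/0"},
    {"direction": "inbound", "protocol": "tcp", "ports": (3389, 3389), "peer": "0.0.0.0/0"},
]

def _peer_matches(rule_peer, ip, group):
    """A rule's peer is either a security group ID or a CIDR block."""
    if rule_peer.startswith("sg-"):
        return group == rule_peer
    return ipaddress.ip_address(ip) in ipaddress.ip_network(rule_peer)

def is_allowed(rules, direction, protocol, port, ip, group=None):
    """Assumed allow-list evaluation: pass if any rule matches, else drop."""
    for r in rules:
        if r["direction"] != direction:
            continue
        if r["protocol"] not in ("all", protocol):
            continue
        if r["ports"] is not None and not (r["ports"][0] <= port <= r["ports"][1]):
            continue
        if _peer_matches(r["peer"], ip, group):
            return True
    return False

def world_open_inbound(rules):
    """Return inbound rules whose source covers every IPv4 address."""
    findings = []
    for r in rules:
        if r["direction"] != "inbound" or r["peer"].startswith("sg-"):
            continue
        if ipaddress.ip_network(r["peer"]).prefixlen == 0:
            findings.append(r)
    return findings

if __name__ == "__main__":
    for r in world_open_inbound(DEFAULT_RULES):
        print("open to any source:", r["protocol"], r["ports"])
    # Constructed sample traffic using documentation-range addresses.
    print(is_allowed(DEFAULT_RULES, "inbound", "tcp", 22, "203.0.113.7"))
    print(is_allowed(DEFAULT_RULES, "inbound", "tcp", 443, "203.0.113.7"))
```

Replacing the `0.0.0.0/0` source in the SSH and RDP entries with a narrower CIDR block makes `world_open_inbound` return an empty list.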

For more information, see the Virtual Private Cloud User Guide.