osc network security-group-rule create

Creates an OpenStack Networking security group rule.

Normal response codes: 201

Error response codes: 400, 401, 404, 409

Usage: osc network security-group-rule create [OPTIONS]

Options:

  • --description <DESCRIPTION> — A human-readable description for the resource. Default is an empty string

  • --direction <DIRECTION> — Ingress or egress, which is the direction in which the security group rule is applied

    Possible values: egress, ingress

  • --ethertype <ETHERTYPE> — Must be IPv4 or IPv6, and addresses represented in CIDR must match the ingress or egress rules

    Possible values: ipv4, ipv6

  • --port-range-max <PORT_RANGE_MAX> — The maximum port number in the range that is matched by the security group rule. If the protocol is TCP, UDP, DCCP, SCTP or UDP-Lite this value must be greater than or equal to the port_range_min attribute value. If the protocol is ICMP, this value must be an ICMP code

  • --port-range-min <PORT_RANGE_MIN> — The minimum port number in the range that is matched by the security group rule. If the protocol is TCP, UDP, DCCP, SCTP or UDP-Lite this value must be less than or equal to the port_range_max attribute value. If the protocol is ICMP, this value must be an ICMP type

  • --protocol <PROTOCOL> — The IP protocol can be represented by a string, an integer, or null. Valid string or integer values are any or 0, ah or 51, dccp or 33, egp or 8, esp or 50, gre or 47, icmp or 1, icmpv6 or 58, igmp or 2, ipip or 4, ipv6-encap or 41, ipv6-frag or 44, ipv6-icmp or 58, ipv6-nonxt or 59, ipv6-opts or 60, ipv6-route or 43, ospf or 89, pgm or 113, rsvp or 46, sctp or 132, tcp or 6, udp or 17, udplite or 136, vrrp or 112. Additionally, any integer value between [0-255] is also valid. The string any (or integer 0) means all IP protocols. See the constants in neutron_lib.constants for the most up-to-date list of supported strings

  • --remote-address-group-id <REMOTE_ADDRESS_GROUP_ID>

  • --remote-group-id <REMOTE_GROUP_ID> — The remote group UUID to associate with this security group rule. You can specify either the remote_group_id or remote_ip_prefix attribute in the request body

  • --remote-ip-prefix <REMOTE_IP_PREFIX> — The remote IP prefix that is matched by this security group rule

  • --security-group-id <SECURITY_GROUP_ID> — The security group ID to associate with this security group rule

  • --tenant-id <TENANT_ID>