Creating and deleting security groups and rules in Neutron with the openstack command

Delete a security group:
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID                                   | Name    | Description            | Project                          | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 2b860c0d-9b0a-46cd-b045-97aa0e88f13a | default | Default security group | ac0c16aaf48e4846a5ebacbe43cea4f9 | []   |
| 9781e350-b8a7-4b90-8226-f9f63342523a | Long    |                        | ac0c16aaf48e4846a5ebacbe43cea4f9 | []   |
+--------------------------------------+---------+------------------------+----------------------------------+------+
[root@controller ~]# openstack security group delete 9781e350-b8a7-4b90-8226-f9f63342523a

List security groups:
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+----------------------------------+------+
| ID                                   | Name    | Description            | Project                          | Tags |
+--------------------------------------+---------+------------------------+----------------------------------+------+
| 2b860c0d-9b0a-46cd-b045-97aa0e88f13a | default | Default security group | ac0c16aaf48e4846a5ebacbe43cea4f9 | []   |
+--------------------------------------+---------+------------------------+----------------------------------+------+

List the rules of a security group:
[root@controller ~]# openstack security group rule list 2b860c0d-9b0a-46cd-b045-97aa0e88f13a
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| ID                                   | IP Protocol | Ethertype | IP Range  | Port Range | Remote Security Group                |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+
| 6842b3e8-36ac-43ca-a022-d60dca1f820a | None        | IPv6      | ::/0      |            | None                                 |
| 70472481-6269-4280-b6db-548740cea5a3 | None        | IPv4      | 0.0.0.0/0 |            | None                                 |
| c8fd6444-f381-4233-8ae2-67ef25e58094 | None        | IPv6      | ::/0      |            | 2b860c0d-9b0a-46cd-b045-97aa0e88f13a |
| fc01cd74-ee71-48f9-ba55-011fbc43cec8 | None        | IPv4      | 0.0.0.0/0 |            | 2b860c0d-9b0a-46cd-b045-97aa0e88f13a |
+--------------------------------------+-------------+-----------+-----------+------------+--------------------------------------+

Create a security group:
[root@controller ~]# openstack security group create sshopen
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T12:56:50Z |
| description | sshopen |
| id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | sshopen |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| revision_number | 1 |
| rules | created_at='2021-03-27T12:56:51Z', direction='egress', ethertype='IPv6', id='392d81d6-5d73-4264-9bf5-f863211ee695', updated_at='2021-03-27T12:56:51Z' |
| | created_at='2021-03-27T12:56:50Z', direction='egress', ethertype='IPv4', id='3f1a18e3-fa5f-4ca3-8bc7-4ad420af2390', updated_at='2021-03-27T12:56:50Z' |
| stateful | True |
| tags | [] |
| updated_at | 2021-03-27T12:56:50Z |
+-----------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Create a security group rule:
[root@controller ~]# openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description ingress --ingress --ethertype IPv4 --protocol tcp --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T13:11:38Z |
| description | ingress |
| direction | ingress |
| ether_type | IPv4 |
| id | f2813ea6-3c4d-4cc7-b55d-fdf1eaece617 |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| tags | [] |
| updated_at | 2021-03-27T13:11:38Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Add a security group rule for port 22:
[root@controller ~]# openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description ingress --ingress --ethertype IPv4 --protocol tcp --dst-port 22 --dst-port 22 --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T13:28:31Z |
| description | ingress |
| direction | ingress |
| ether_type | IPv4 |
| id | 17f02f7e-049e-4671-908c-68a99470c3d4 |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| tags | [] |
| updated_at | 2021-03-27T13:28:31Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Add a TCP rule for ports 22-65535:
[root@controller ~]# openstack security group rule create fc44a781-c34c-4e42-ab63-cf0eb9bdc251 --description '22(ssh)' --ingress --ethertype IPv4 --protocol tcp --dst-port '22:65535' --remote-ip 0.0.0.0/0
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2021-03-27T14:01:00Z |
| description | 22(ssh) |
| direction | ingress |
| ether_type | IPv4 |
| id | 8f0a13ed-5c45-463e-9752-7fb98b4b8edc |
| location | cloud='', project.domain_id='default', project.domain_name=, project.id='ac0c16aaf48e4846a5ebacbe43cea4f9', project.name='admin', region_name='RegionOne', zone= |
| name | None |
| port_range_max | 65535 |
| port_range_min | 22 |
| project_id | ac0c16aaf48e4846a5ebacbe43cea4f9 |
| protocol | tcp |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | fc44a781-c34c-4e42-ab63-cf0eb9bdc251 |
| tags | [] |
| updated_at | 2021-03-27T14:01:00Z |
+-------------------+------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Delete a security group rule:
[root@controller ~]# openstack security group rule list fc44a781-c34c-4e42-ab63-cf0eb9bdc251
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
| ID                                   | IP Protocol | Ethertype | IP Range  | Port Range  | Remote Security Group |
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
| 392d81d6-5d73-4264-9bf5-f863211ee695 | None        | IPv6      | ::/0      |             | None                  |
| 3f1a18e3-fa5f-4ca3-8bc7-4ad420af2390 | None        | IPv4      | 0.0.0.0/0 |             | None                  |
| bd8402fd-9ac9-43d6-a6aa-3724280b6860 | tcp         | IPv4      | 0.0.0.0/0 | 65535:65535 | None                  |
| f2813ea6-3c4d-4cc7-b55d-fdf1eaece617 | tcp         | IPv4      | 0.0.0.0/0 |             | None                  |
+--------------------------------------+-------------+-----------+-----------+-------------+-----------------------+
[root@controller ~]# openstack security group rule delete bd8402fd-9ac9-43d6-a6aa-3724280b6860
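
Added example (not part of the original post): the three ingress rules created above all use --remote-ip 0.0.0.0/0 and differ only in their port range, so this Python check counts how many ports each one leaves reachable from any address. The records reuse the field names from the `openstack security group rule create` output; the sample list, the helper names and the `max_ports` threshold are assumptions.

```python
import ipaddress

ALL_PORTS = 65535  # TCP/UDP ports 1-65535

# Constructed sample: rules from the session above, reduced to the fields that
# decide exposure (ids and values taken from the command output where shown).
RULES = [
    {"id": "3f1a18e3-fa5f-4ca3-8bc7-4ad420af2390", "direction": "egress",
     "protocol": None, "port_range_min": None, "port_range_max": None,
     "remote_ip_prefix": "0.0.0.0/0", "remote_group_id": None},
    {"id": "f2813ea6-3c4d-4cc7-b55d-fdf1eaece617", "direction": "ingress",
     "protocol": "tcp", "port_range_min": None, "port_range_max": None,
     "remote_ip_prefix": "0.0.0.0/0", "remote_group_id": None},
    {"id": "17f02f7e-049e-4671-908c-68a99470c3d4", "direction": "ingress",
     "protocol": "tcp", "port_range_min": 22, "port_range_max": 22,
     "remote_ip_prefix": "0.0.0.0/0", "remote_group_id": None},
    {"id": "8f0a13ed-5c45-463e-9752-7fb98b4b8edc", "direction": "ingress",
     "protocol": "tcp", "port_range_min": 22, "port_range_max": 65535,
     "remote_ip_prefix": "0.0.0.0/0", "remote_group_id": None},
]

def from_anywhere(rule):
    """True when the rule admits any source address (no group, /0 or no prefix)."""
    if rule["remote_group_id"]:
        return False
    prefix = rule["remote_ip_prefix"]
    return prefix is None or ipaddress.ip_network(prefix).prefixlen == 0

def port_count(rule):
    """Ports admitted by a TCP/UDP rule; no --dst-port means no range, so all ports."""
    lo, hi = rule["port_range_min"], rule["port_range_max"]
    if lo is None or hi is None:
        return ALL_PORTS
    return hi - lo + 1

def audit(rules, max_ports=1):
    """Return (id, ports) for ingress rules open to any source on more than max_ports ports."""
    findings = []
    for r in rules:
        if r["direction"] != "ingress" or not from_anywhere(r):
            continue
        ports = port_count(r)
        if ports > max_ports:  # max_ports is an assumed policy threshold
            findings.append((r["id"], ports))
    return findings

if __name__ == "__main__":
    for rule_id, ports in audit(RULES):
        print(f"{rule_id}: {ports} TCP ports reachable from any address")
```

Only the port-22 rule passes; the rule created without --dst-port and the '22(ssh)' rule with range 22:65535 are both reported.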