A security group is a set of configurable allowing traffic flow rules that can be assigned to instance ports.
Creating a security group
You can create a security group on the "Firewall Settings" page of the "Virtual Networks" section in your MCS account using the "Add" button:
Viewing the list of rules
To view the current list of rules in a security group, open the desired security group in the group list on the Firewall Settings page. A window for viewing and editing group rules will appear:
Assigning a rule group to an instance
To apply a rule set to a virtual machine, the security group containing the rule set must be applied to the virtual machine.
To assign a group to an instance, go to the group settings and select "Add a virtual machine" in the " Virtual machines with rule group " section. In the menu that appears, select the instances to which the group will be added:
Removing a security group
Removing security groups is done through the "Delete" option in the group context menu on the "Firewall settings" page.
Operations in OpenStack CLI
To create a security group in the OpenStack client, run the command:
$ openstack security group create --description <group description> <new group name>
Change description, group name:
$ openstack security group set --description <description> --name <name> <group ID>
Add a group to an instance:
$ openstack server add security group <instance ID> <security group ID>
Unlink a group from an instance:
$ openstack server remove security group <instance ID> <security group ID>
View security group rules:
$ openstack security group rule list --long <security group ID>
$ openstack security group delete <group ID>