Ask Your Question

Revision history [back]

Start here: https://docs.openstack.org/nova/queens/admin/security-groups.html.

The 2 minutes overview: OpenStack puts a firewall around an instance. By default, any incoming traffic is blocked, and any outgoing traffic is permitted. A security group and the rules it contains selectively opens and closes ports in that firewall.

A rule includes protocol (ICMP, TCP, UDP) and port (or ICMP type), as well as address ranges and other security groups. Incoming traffic that matches protocol, port/type, security group and address range will be let through. Of course, you can also create rules for outgoing traffic.

You then specify security groups (any number) when launching instances.