Ask Your Question
0

How to create security group rule with 'ALL' for protocol

asked 2020-02-11 18:09:05 -0500

Kav gravatar image

Hi everyone,

In our default security group we had a rule which had the protocol set to 'ALL' and the 'remote security group' set as itself, so it was a clean way of allowing all traffic between members of the same security group.

How do I create this rule myself? I have tried using "openstack security group rule create" via CLI, but the syntax just doesnt seem to allow 'ALL' for the protocol. Leaving that parameter out just defaults to 'TCP'.

edit retag flag offensive close merge delete

2 answers

Sort by ยป oldest newest most voted
1

answered 2020-02-11 21:20:03 -0500

The API accepts any as the protocol name. This seems to work with the openstack command as well (just tried it on Stein).

edit flag offensive delete link more
0

answered 2020-02-12 00:56:06 -0500

Kav gravatar image

*slaps forehead... thanks.

I was going off: https://docs.openstack.org/python-openstackclient/pike/cli/command-objects/security-group-rule.html#security-group-rule-create (https://docs.openstack.org/python-ope...)

and the error on the CLI was "Error while executing command: BadRequestException: 400, Security group rule protocol all not supported. Only protocol values [None, 'ah', 'pgm', 'tcp', 'ipv6-encap', 'dccp', 'igmp', 'icmp', 'esp', 'ipv6-icmp', 'vrrp', 'gre', 'sctp', 'rsvp', 'ipv6-route', 'udp', 'ipv6-opts', 'ipv6-nonxt', 'udplite', 'egp', 'icmpv6', 'ipv6-frag', 'ospf'] and integer representations [0 to 255] are supported."

Seems obvious now :)

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2020-02-11 18:09:05 -0500

Seen: 73 times

Last updated: Feb 11