Controlling network traffic by using security groups and rules
A security group is a named container for security group rules, which let Rackspace Public Cloud users specify the types of traffic that are allowed to pass through, to, and from ports (Public/ServiceNet) on a Cloud Server instance. After an instance is active, you can assign one or more security groups to Neutron ports on that instance. You cannot apply security groups to a port at boot time.
Note
There are no default security groups created for you in your Rackspace account. In order to use security groups, you have to create them first and then apply them to Neutron ports that belong to Cloud Server instances.
For more information about security groups and security group rules, see Security groups and rules.
The following flow chart shows the steps for creating, using, and modifying security groups and rules. Detailed steps are provided in this section.
The sections are also organized by example type. To simplify your path through this chapter, decide whether you prefer neutron-client or cURL examples.
Next step: Choose one of the following methods:
- Using security groups and rules with neutron
  - Creating a security group (neutron client)
  - Adding a rule for SSH traffic (neutron client)
  - Finding the port to use on the server (nova/neutron client)
  - Applying security group with SSH rule to a port on the server (neutron client)
  - Adding a rule for ICMP traffic (neutron client)
  - Applying security group with ICMP rule to the port on the server (neutron client)
- Using security groups and rules with cURL