Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about how to modify the new security group to allow ping and ssh instance. Many people may not know much about it. In order to make you understand better, the editor has summarized the following for you. I hope you can get something from this article.

Neutron's default security group rules prohibit all traffic accessing the instance from the outside.

We will modify the configuration of the security group to allow ping and ssh instance.

There are two ways to do this:

1. Modify the default security group.

two。 Add a new security group for cirros-vm1.

Here we use the second method.

Click on the security group list page

Button.

Name the security group and click "Create Security Group".

A new security group "allow ping & ssh" was created successfully.

Click the button to view the rules for "allow ping & ssh".

By default, the system defines two rules to run all outbound traffic.

For clarity, you can click the button to delete the two rules.

Click

Button to add a rule that allows ping.

"Rule" select "All ICMP", "Direction" select "Ingress", and then click the "Add" button.

Add ssh rules in the same way.

View the rules that were successfully added in the list.

Next, set up cirros-vm1 to use the new security group.

Go to the instance list page and click "Edit Security Groups" in the cirros-vm1 drop-down operation list.

You can see that the security group currently used by cirros-vm1 is "default" and the optional security group is "allow ping & ssh".

Click the + button after the security group "allow ping & ssh".

Click "Save" to save.

Iptables will be updated immediately. Let's check the changes before and after iptables through vimdiff.

The "allow ping & ssh" security group introduces the following two iptables rules.

The role is to run ssh and ping traffic for ingress.

-A neutron-linuxbri-i8bca5b86-2-p tcp-m tcp-- dport 22-j RETURN

-A neutron-linuxbri-i8bca5b86-2-p icmp-j RETURN

To test it, you can now ping and ssh cirros-vm1.

Security groups have the following characteristics:

1. Traffic in and out of the instance is controlled by iptables rules on the host machine.

two。 The security group acts on the port of instance.

3. The rules of the security group are all allow, and the rules of deny cannot be defined.

4. Instance can apply multiple security groups to overlay the rules in these security groups.

After reading the above, do you have any further understanding of how to modify the new security group to allow ping and ssh instance? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.