Unless it is changed, all projects that you create will have a default security group, meaning that all incoming traffic will be denied and only outgoing traffic will be allowed from your instance.

This can be checked via CLI. You can make changes to security groups by using the following commands.

You can list your security groups by running the following:

(venv) [edu@jump~]$ openstack security group list

Note: Each command is followed by a screen capture of an example of what would appear on the screen. Click on the graphic to see the results clearly.

openstack security group list command

You can list your security group rules with the following command:

(venv) [edu@jump~]$ openstack security group list efaa6f8b-0156-4a1d-a74a-369d5c414938

openstack security group list command

The default security group identifier is pulled from the TR Sec Group provided at the end of the previous list. You can see it in the first screenshot.

If you’re going to create a new security group then you would use the following command. The group is called “doc_test.” The provided description is simply a text string describing the new security group: “More testing.”

(venv) [edu@jump ~]$ openstack security group create doc_test --description "More testing"

openstack security group create command

In order to add a rule to the new security group, you would use the following command.

(venv) [edu@jump ~]$ openstack security group rule create doc_test \ --protocol tcp --dst-port 22:22 --remote-ip 0.0.0.0/0

openstack security group rule create command shows the creation of a rule within a specified security group

If you wish to delete a security group, then you would use the following command. The screenshot shows that we’re deleting the “doc_test” security group that we had just created.

(venv) [edu@jump ~]$ openstack security group delete doc_test(venv)

Congratulations! You’re now familiar with using the OpenStack commands to manage security groups. You can learn more by going to the OpenStack Education channel and viewing the tutorials listed there.