firewall group

A firewall group is a perimeter firewall management to Networking. Firewall group uses iptables to apply firewall policy to all VM ports and router ports within a project.

Network v2

firewall group create

Create a firewall group for a given project.

openstack firewall group create
--name <name>

Name for the firewall group.

--enable

Enable firewall group (default).

--disable

Disable firewall group.

--public

Make the firewall group public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project).

--private

Restrict use of the firewall group to the current project.

--project <project>

Owner’s project (name or ID).

--project-domain <project-domain>

Domain the project belongs to (name or ID). This can be used in case collisions between project names exist.

--description <description>

A description of the firewall group.

--ingress-firewall-policy <ingress-firewall-policy>

Ingress firewall policy (name or ID).

--no-ingress-firewall-policy

Detach ingress firewall policy from the firewall group.

--egress-firewall-policy <egress-firewall-policy>

Egress firewall policy (name or ID).

--no-egress-firewall-policy

Detach egress firewall policy from the firewall group.

--port <port>

Port(s) to apply firewall group (name or ID).

--no-port

Detach all port from the firewall group.

firewall group delete

Delete firewall group(s)

openstack firewall group delete
    <firewall-group> [<firewall-group> ...]
<firewall-group>

Firewall group(s) to delete (name or ID).

firewall group list

List all firewall groups

openstack firewall group list
    [--long]
--long

List additional fields in output.

firewall group set

Set firewall group properties

openstack firewall group set
<firewall-group>

Firewall group to set (name or ID).

--name <name>

Set firewall group name.

--enable

Enable firewall group (default).

--disable

Disable firewall group.

--public

Make the firewall group public, which allows it to be used in all projects (as opposed to the default, which is to restrict its use to the current project).

--private

Restrict use of the firewall group to the current project.

--description <description>

A description of the firewall group.

--ingress-firewall-policy <ingress-firewall-policy>

Ingress firewall policy (name or ID).

--no-ingress-firewall-policy

Detach ingress firewall policy from the firewall group.

--egress-firewall-policy

Egress firewall policy (name or ID).

--no-egress-firewall-policy

Detach egress firewall policy from the firewall group.

--port <port>

Port(s) to apply firewall group.

--no-port

Detach all port from the firewall group.

firewall group show

Show information of a given firewall group

openstack firewall group show
    <firewall-group>
<firewall-group>

Firewall group to display (name or ID).

firewall group unset

Unset firewall group properties

openstack firewall group unset
<firewall-group>

Firewall group to unset (name or ID).

--enable

Disable firewall group.

--public

Restrict use of the firewall group to the current project.

--ingress-firewall-policy

Detach ingress firewall policy from the firewall group.

--egress-firewall-policy

Detach egress firewall policy from the firewall group.

--port <port>

Remove port(s) from the firewall group.

--all-port

Remove all ports from the firewall group.