Skip to main content
Create a group
Last update:

Create a group

When creating a group, you can add rules for incoming traffic to allow it immediately. Outbound traffic is allowed by default — two rules for outbound traffic are automatically added to the group, which cannot be changed or deleted during group creation.

Once you have created a group, you can remove any rules in it, including the default rules, and create new.

You can create a group with stateful mode and protocols via the control panel rules TCP, UDP, ICMP, or Any (all protocols). Through the OpenStack CLI, you can create a group with stateful or stateless mode AND any rule protocol.

  1. В control panels from the top menu, press Products and select Cloud servers.

  2. Go to the section Security groups.

  3. Click Create a security team.

  4. Select pool A group will be created in the pool. It can only be assigned to ports in the same pool.

  5. Create rules for incoming traffic. To do this, in the block Incoming traffic:

    5.1 If one of the rule templates for incoming traffic is suitable for you, click on the template name. The Protocol, Source, Source Port, Traffic Destination, and Destination Port fields will be filled in automatically. Go to step 6.

    5.2 If the templates do not fit, add your own rule for incoming traffic. Click Add an incoming traffic rule.

    5.3. Select a protocol or press All protocols.

    5.4 Specify the traffic source (Source):

    • for traffic from an IP address or subnet — select CIDR and enter an IP address or subnet, or tap All sources;
    • for traffic from the security group — select Security Group and select a group. Security groups in the same pool are available. If you need to accept traffic from another pool, specify the source CIDR.

    5.5. Enter the port on which traffic is allowed to be received (Dst. port) — a single port or a range of ports, or press All ports.

    5.6 Optional: enter a comment for the rule.

    5.7. Press Add. Once a group has been created, a rule cannot be changed, but can remove the rule и create a new.

    5.8 To add another rule, repeat steps 5.2 through 5.7.

  6. Optional: in the unit Ports check the ports to which the security group will be assigned. Ports with the following enabled are available port security When you create a group on the selected ports, any active sessions that do not comply with the group rules will be terminated. After the group is created, any active sessions that do not comply with the group rules will be terminated on the selected ports.

  7. Enter a name for the group or leave the name created automatically.

  8. Optional: enter a comment for the group.

  9. Click Create a security team. To limit outgoing traffic, remove the rules default and create new ones.