Security Group

Security groups allow egress or ingress traffic. By default a security group has a DROP policy, so only traffic that a rule explicitly permits is allowed to flow to or from the VM.

Statefulness of Security Groups

Security groups in Excloud are stateful. That means that when you create an egress rule, all connections matched by it are automatically tracked. This simplifies rule management and ensures the proper functioning of applications that need bidirectional communication.

Supported Protocols

  • IPv4
  • IPv6
  • TCPv4
  • TCPv6
  • UDPv4
  • UDPv6

Did you know?

Create an IPv4 or IPv6 rule if you want to allow all TCP and UDP traffic. Note that with IPv4 and IPv6 the port_range always has to be ANY.

exc securitygroup rule egress create --cidr 0.0.0.0/0 --protocol IPv4 --port_range ANY --security_group_id $SG_ID
exc securitygroup rule egress create --cidr ::/0 --protocol IPv6 --port_range ANY --security_group_id $SG_ID

Create TCPv4 and TCPv6 rules if you want to allow HTTP traffic only.

exc securitygroup rule egress create --cidr 0.0.0.0/0 --protocol TCPv4 --port_range 80 --security_group_id $SG_ID
exc securitygroup rule egress create --cidr ::/0 --protocol TCPv6 --port_range 80 --security_group_id $SG_ID

Examples

Create a Security Group with Rules

  1. Create a Security Group

    exc securitygroup create --name my-security-group --description "Allow ingress and egress"
  2. Create Ingress Rules to Allow HTTP and SSH

    exc securitygroup rule ingress create --cidr 0.0.0.0/0 --protocol TCPv4 --port_range 8080-8081,22 --security_group_id $(exc securitygroup list | awk '/my-security-group/{print $1}')
    exc securitygroup rule ingress create --cidr ::/0 --protocol TCPv6 --port_range 8080-8081,22 --security_group_id $(exc securitygroup list | awk '/my-security-group/{print $1}')
  3. Create Egress Rules to Allow All Traffic

    exc securitygroup rule egress create --cidr 0.0.0.0/0 --protocol IPv4 --port_range ANY --security_group_id $(exc securitygroup list | awk '/my-security-group/{print $1}')
    exc securitygroup rule egress create --cidr ::/0 --protocol IPv6 --port_range ANY --security_group_id $(exc securitygroup list | awk '/my-security-group/{print $1}')
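The following is an added example, not Excloud code and not part of the original page: a small Python model of how a stateful, default-DROP security group evaluates traffic. It loads the exact rule set built in the steps above (ingress TCPv4/TCPv6 on 8080-8081,22; egress IPv4/IPv6 ANY), enforces the documented constraint that IPv4 and IPv6 rules take port_range ANY only, and shows why a DNS reply to an outbound query is accepted without any ingress rule while an unsolicited inbound packet on the same port is dropped. The packet tuples, addresses and the conntrack behaviour for both directions are constructed assumptions for illustration; the page only states that egress rules are tracked.

```python
"""Model of a stateful, default-DROP security group (added example; not Excloud code).

Rules are allow-only, the default policy is DROP, a connection matched by a rule
is tracked so its replies pass without a rule, and IPv4/IPv6 rules take port_range ANY.
"""
import ipaddress
from dataclasses import dataclass

# protocol name -> (address family, layer-4 protocol; None means any L4 protocol)
PROTOCOLS = {
    "IPv4": (4, None), "IPv6": (6, None),
    "TCPv4": (4, "tcp"), "TCPv6": (6, "tcp"),
    "UDPv4": (4, "udp"), "UDPv6": (6, "udp"),
}


def parse_port_range(spec):
    """Parse '8080-8081,22' into a set of ports; 'ANY' returns None (all ports)."""
    if spec == "ANY":
        return None
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port range: {part}")
        ports.update(range(lo, hi + 1))
    return ports


@dataclass(frozen=True)
class Rule:
    direction: str   # "ingress" or "egress"
    protocol: str    # a key of PROTOCOLS
    cidr: str        # remote network the rule applies to
    port_range: str  # "ANY" or e.g. "8080-8081,22"

    def __post_init__(self):
        family, l4 = PROTOCOLS[self.protocol]
        if ipaddress.ip_network(self.cidr).version != family:
            raise ValueError(f"{self.cidr} is not an IPv{family} CIDR")
        # Documented constraint: IPv4/IPv6 rules cover all L4 traffic, so ANY only.
        if l4 is None and self.port_range != "ANY":
            raise ValueError(f"{self.protocol} rules require --port_range ANY")
        parse_port_range(self.port_range)  # fail early on bad syntax

    def matches(self, pkt):
        family, l4 = PROTOCOLS[self.protocol]
        remote = ipaddress.ip_address(pkt["dst"] if self.direction == "egress" else pkt["src"])
        if remote.version != family or remote not in ipaddress.ip_network(self.cidr):
            return False
        if l4 is not None and pkt["proto"] != l4:
            return False
        ports = parse_port_range(self.port_range)
        # The destination port is the service port in both directions.
        return ports is None or pkt["dport"] in ports


class SecurityGroup:
    def __init__(self, rules):
        self.rules = list(rules)
        self.conntrack = set()  # 5-tuples of flows, stored in their originating direction

    @staticmethod
    def _flow(pkt):
        return (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])

    @staticmethod
    def _reverse(pkt):
        return (pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])

    def evaluate(self, direction, pkt):
        """Return 'ALLOW' or 'DROP' for a packet seen in the given direction."""
        if self._reverse(pkt) in self.conntrack:   # reply to a tracked connection
            return "ALLOW"
        for rule in self.rules:                     # otherwise a rule must permit it
            if rule.direction == direction and rule.matches(pkt):
                self.conntrack.add(self._flow(pkt))
                return "ALLOW"
        return "DROP"                               # default policy


def pkt(proto, src, sport, dst, dport):
    """Constructed sample packet as a 5-tuple dict (addresses are documentation ranges)."""
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport}


def demo():
    """Evaluate sample traffic against the rule set from the Examples section."""
    vm, vm6 = "10.0.0.5", "2001:db8::5"   # constructed VM addresses
    sg = SecurityGroup([
        Rule("ingress", "TCPv4", "0.0.0.0/0", "8080-8081,22"),
        Rule("ingress", "TCPv6", "::/0", "8080-8081,22"),
        Rule("egress", "IPv4", "0.0.0.0/0", "ANY"),
        Rule("egress", "IPv6", "::/0", "ANY"),
    ])
    return {
        "ssh_in": sg.evaluate("ingress", pkt("tcp", "203.0.113.9", 51000, vm, 22)),
        "https_in": sg.evaluate("ingress", pkt("tcp", "203.0.113.9", 51001, vm, 443)),
        "dns_out": sg.evaluate("egress", pkt("udp", vm, 40000, "198.51.100.53", 53)),
        "dns_reply": sg.evaluate("ingress", pkt("udp", "198.51.100.53", 53, vm, 40000)),
        "unsolicited_udp": sg.evaluate("ingress", pkt("udp", "198.51.100.53", 53, vm, 40001)),
        "v6_web_in": sg.evaluate("ingress", pkt("tcp", "2001:db8::9", 51002, vm6, 8080)),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16} {verdict}")
```

The conntrack lookup runs before the rule scan, which is what makes the group stateful: the DNS reply is accepted because the outbound query created a tracked flow, not because any ingress rule permits UDP/53, and the inbound packet on port 40001 is dropped for the same reason. Constructing `Rule("egress", "IPv4", "0.0.0.0/0", "80")` raises `ValueError`, mirroring the port_range ANY constraint from the "Did you know?" box.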