Skip to content

Security Groups

Security groups are a collection of security rules that are applied on specific VM.

Security rules in OpenStack serve as a Firewall. They are applied directly on VM ports and therefore proper configuration is necessary. Ingress as well as egress rules can be configured using Horizon and CLI. If you can't connect via SSH or ping your instance, chances are it is because of security rules.

Every OpenStack project contains the default security group containing only set of egress rules (in the Horizon, refer to Project / Network / Security Groups). If you accidentally delete default egress rules, your virtual machine will not be able to send outgoing communication. To fix this, add a new egress rule with any IP protocol and port range, set Remote IP prefix to (IPv4) or ::/0 (IPv6).

Example configuration is available on page Managing security groups. For full CLI reference please refer to OpenStack docs.

Also refer to the example of new Security group creation containing custom rules within VM provisioning CLI example.

Last update: January 17, 2024