In neutron a security group rule can have different types of "remote" -
either a CIDR or another security group.
The rule means that your "remote" is another security group - so any VM
in security group "default" can reach any port in this security group -
so "default" has opened all its ports to members of "default.
Reza
On 4/11/2016 6:15 PM, Jagga Soorma wrote:
Hi Guys,
There is a default security group rule that has the following entry:
--
Direction: Ingress
Ether Type: IPv4
IP Protocol: Any
Port Range: Any
Remote Prefix: -
Remote Security Group: default
--
Now this makes me think that it should basically allow all ingress
ipv4 traffic (udp & tcp) on any port. However we have to manually
open up ssh for example by adding another rule for port 22 and remote
prefix of 0.0.0.0/0 <http://0.0.0.0/0>. Not sure what a - in the
remote prefix means and why is this rule even there if it does
nothing. Any help understanding this would be appreciated.
Thanks.
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack