Manage project security

Security groups are sets of IP filter rules that are applied to all project instances, and which define networking access to the instance. Group rules are project specific; project members can edit the default rules for their group and add new rule sets.

All projects have a "default" security group which is applied to any instance that has no other defined security group. Unless you change the default, this security group denies all incoming traffic and allows only outgoing traffic to your instance. For information about updating global controls on the command line, see .

Create a Security Group

1. Log in to the OpenStack dashboard as a project member.
2. On the Project tab, select the appropriate project from the CURRENT PROJECT drop-down list, and click the Access & Security category.
3. On the Security Groups tab, click the Create Security Group button.
4. Provide the group with a name and a relevant description, and click Create Security Group. By default, the new group provides outgoing access rules.

Update Security Group Rules

1. Log in to the OpenStack dashboard as a project member.
2. On the Project tab, select the appropriate project from the CURRENT PROJECT drop-down list, and click the Access & Security category.
3. On the Security Groups tab, click the relevant group's Edit rules button:
   - To delete a rule, select the rule's check box, and click Delete Rule.
   - To add a new rule, click Add Rule. Update the rule fields using the following rule descriptions, and click Add.

Rule Fields

Field Name: Rule
Description: Rule protocol type. Valid types are:
   - Custom TCP Rule: Typically used to exchange data between systems, and for end-user communication.
   - Custom UDP Rule: Typically used to exchange data between systems, particularly at the application level.
   - Custom ICMP Rule: Typically used by network devices (for example, routers) to send error or monitoring messages.
   - Other Protocol: Other protocol type (for example, SCTP, which can be used to handle application data at the SCTP level). Only available for OpenStack Networking security groups.
Network: Compute / OpenStack Networking

Field Name: Direction
Description: Direction of network traffic to which the rule applies: 'Ingress' (inbound) or 'Egress' (outbound).
Network: OpenStack Networking

Field Name: Open Port
Description: For TCP or UDP rules, specifies the Port or Port Range to be opened for the rule.
Network: Compute / OpenStack Networking

Field Name: Port / From Port / To Port
Description: For TCP or UDP rules, specifies the specific local port, or a range of local ports, for incoming or outgoing traffic.
Network: Compute / OpenStack Networking

Field Name: Type
Description: For ICMP rules, specifies the ICMP message that is being passed.
Network: Compute / OpenStack Networking

Field Name: Code
Description: For ICMP rules, specifies the ICMP subtype code, which provides further information about the Type message.
Network: Compute / OpenStack Networking

Field Name: IP Protocol
Description: For 'Other Protocol' rules, specifies the IP protocol to be used for the rule. The protocol must be specified as an integer (see http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml).
Network: OpenStack Networking

Field Name: Remote
Description: Traffic source for the rule:
   - CIDR (Classless Inter-Domain Routing): IP address block, which limits access to IPs within the block.
   - Security Group: Source Group which allows any instance in the group to access any other group instance.
Network: Compute / OpenStack Networking

Field Name: Ether Type
Description: Traffic protocol to be used for the rule ('IPv4' or 'IPv6').
Network: OpenStack Networking
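
An added example (not part of the original documentation): a Python check that reviews a group's rules for ingress open to any source, using the Direction, Remote, and port fields described above. The field names follow the OpenStack Networking API's rule representation and the sample rules are constructed; both are assumptions of this example.

```python
import ipaddress

# Constructed sample rules; field names assume the OpenStack Networking API rule shape.
SAMPLE_RULES = [
    {"id": "r1", "direction": "egress", "ethertype": "IPv4", "protocol": None,
     "port_range_min": None, "port_range_max": None,
     "remote_ip_prefix": None, "remote_group_id": None},
    {"id": "r2", "direction": "ingress", "ethertype": "IPv4", "protocol": "tcp",
     "port_range_min": 22, "port_range_max": 22,
     "remote_ip_prefix": "0.0.0.0/0", "remote_group_id": None},
    {"id": "r3", "direction": "ingress", "ethertype": "IPv4", "protocol": "tcp",
     "port_range_min": 443, "port_range_max": 443,
     "remote_ip_prefix": "203.0.113.0/24", "remote_group_id": None},
    {"id": "r4", "direction": "ingress", "ethertype": "IPv6", "protocol": "udp",
     "port_range_min": 1, "port_range_max": 65535,
     "remote_ip_prefix": "::/0", "remote_group_id": None},
    {"id": "r5", "direction": "ingress", "ethertype": "IPv4", "protocol": "tcp",
     "port_range_min": 3306, "port_range_max": 3306,
     "remote_ip_prefix": None, "remote_group_id": "sg-db-clients"},
]

def is_world_open(rule):
    """True when an ingress rule accepts traffic from any address."""
    if rule["direction"] != "ingress":
        return False
    if rule.get("remote_group_id"):
        return False  # Remote is a security group, not a CIDR
    prefix = rule.get("remote_ip_prefix")
    # No CIDR and no remote group means "any source" (assumed API semantics)
    return prefix is None or ipaddress.ip_network(prefix, strict=False).prefixlen == 0

def audit(rules, wide_range=100):
    """Return (rule id, reason) for each ingress rule worth reviewing."""
    findings = []
    for r in rules:
        if not is_world_open(r):
            continue
        lo, hi = r.get("port_range_min"), r.get("port_range_max")
        if r.get("protocol") is None:
            findings.append((r["id"], "any protocol from any source"))
        elif r["protocol"] in ("tcp", "udp") and (lo is None or hi is None or hi - lo + 1 > wide_range):
            findings.append((r["id"], "wide port range from any source"))
        else:
            findings.append((r["id"], "open to any source"))
    return findings

if __name__ == "__main__":
    for rule_id, reason in audit(SAMPLE_RULES):
        print(rule_id, reason)
```
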

Delete a Security Group

1. Log in to the OpenStack dashboard as a project member.
2. On the Project tab, select the appropriate project from the CURRENT PROJECT drop-down list, and click the Access & Security category.
3. On the Security Groups tab, select the relevant group's check box, and click the Delete Security Group button.