gophercloud: github.com/rackspace/gophercloud/openstack/networking/v2/extensions/security

package security

import "github.com/rackspace/gophercloud/openstack/networking/v2/extensions/security"

Package security contains functionality to work with the Neutron security group and security group rule resources.

Security groups and security group rules allow administrators and tenants to specify the type of traffic and direction (ingress/egress) that is allowed to pass through a port. A security group is a container for security group rules.

When a port is created in Networking, it is associated with a security group. If a security group is not specified, the port is associated with a 'default' security group. By default, this group drops all ingress traffic and allows all egress. Rules can be added to this group in order to change the behaviour.

The basic characteristics of Neutron Security Groups are:

For ingress traffic (to an instance)

- Only traffic matched by security group rules is allowed.
- When there is no rule defined, all traffic is dropped.

For egress traffic (from an instance)

- Only traffic matched by security group rules is allowed.
- When there is no rule defined, all egress traffic is dropped.
- When a new security group is created, rules to allow all egress traffic
  are automatically added.

A "default security group" is defined for each tenant.

- For the default security group, a rule which allows intercommunication
  among hosts associated with the default security group is defined by default.
- As a result, all egress traffic and intercommunication in the default
  group are allowed and all ingress from outside of the default group is
  dropped by default (in the default security group).
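The rule semantics listed above can be checked with a small stand-alone model. This is an added example, not code from gophercloud: the Rule, Packet and Group types and the NewGroup and Allowed functions are hypothetical and simplified (no ethertype or CIDR matching), and the sample group is constructed.

```go
package main

import "fmt"

// Rule is a simplified rule; an empty Protocol or RemoteGroup and PortMax == 0 mean "any".
type Rule struct {
	Direction, Protocol, RemoteGroup string
	PortMin, PortMax                 int
}

// Packet describes traffic as seen from the port; PeerGroup is "" for outside hosts.
type Packet struct {
	Direction, Protocol, PeerGroup string
	Port                           int
}

type Group struct {
	Name  string
	Rules []Rule
}

// NewGroup adds the allow-all egress rule every new group receives, plus the
// intra-group ingress rule that only the tenant's "default" group carries.
func NewGroup(name string) *Group {
	g := &Group{Name: name, Rules: []Rule{{Direction: "egress"}}}
	if name == "default" {
		g.Rules = append(g.Rules, Rule{Direction: "ingress", RemoteGroup: "default"})
	}
	return g
}

// Allowed is default-deny: traffic passes only if some rule matches it.
func (g *Group) Allowed(p Packet) bool {
	for _, r := range g.Rules {
		if r.Direction == p.Direction &&
			(r.Protocol == "" || r.Protocol == p.Protocol) &&
			(r.RemoteGroup == "" || r.RemoteGroup == p.PeerGroup) &&
			(r.PortMax == 0 || (p.Port >= r.PortMin && p.Port <= r.PortMax)) {
			return true
		}
	}
	return false
}

func main() {
	web := NewGroup("web") // constructed sample group
	ssh := Packet{Direction: "ingress", Protocol: "tcp", Port: 22}
	fmt.Println(web.Allowed(ssh)) // no ingress rule yet
	web.Rules = append(web.Rules, Rule{Direction: "ingress", Protocol: "tcp", PortMin: 22, PortMax: 22})
	fmt.Println(web.Allowed(ssh))
}
```

A group whose rule list has been emptied, including the automatically added egress rule, drops traffic in both directions under this model.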

Index

Package Files

doc.go

Directories

Path    Synopsis
groups
rules

Updated 2016-07-23. This is an inactive package (no imports and no commits in at least two years).