Creating security group rules

POST /v2.0/security-group-rules

Create a security group rule.

Source: https://docs.openstack.org/api-ref/network/v2/index.html#create-security-group-rule

Request

Parameters

Name	In	Type	Description
`security_group_rule`	body	object	A `security_group_rule` object.
`description` (Optional)	body	string	A human-readable description for the resource. Default is an empty string.
`remote_group_id` (Optional)	body	string	The remote group UUID to associate with this security group rule. You can specify either the `remote_group_id` or `remote_ip_prefix` attribute in the request body.
`remote_address_group_id` (Optional)	body	string	UUID of the remote address group that associates with the security group rule created from this template.
`direction`	body	string	Ingress or egress, which is the direction in which the security group rule is applied.
`protocol` (Optional)	body	string	The IP protocol can be represented by a string, an integer, or `null`. Valid string or integer values are `any` or `0`, `ah` or `51`, `dccp` or `33`, `egp` or `8`, `esp` or `50`, `gre` or `47`, `icmp` or `1`, `icmpv6` or `58`, `igmp` or `2`, `ipip` or `4`, `ipv6-encap` or `41`, `ipv6-frag` or `44`, `ipv6-icmp` or `58`, `ipv6-nonxt` or `59`, `ipv6-opts` or `60`, `ipv6-route` or `43`, `ospf` or `89`, `pgm` or `113`, `rsvp` or `46`, `sctp` or `132`, `tcp` or `6`, `udp` or `17`, `udplite` or `136`, `vrrp` or `112`. Additionally, any integer value between [0-255] is also valid. The string `any` (or integer `0`) means all IP protocols.
`ethertype` (Optional)	body	string	Must be `IPv4` or `IPv6`, and addresses represented in CIDR must match the ingress or egress rules.
`port_range_max` (Optional)	body	integer	The maximum port number in the range that is matched by the security group rule. If the protocol is TCP, UDP, DCCP, SCTP or UDP-Lite this value must be greater than or equal to the `port_range_min` attribute value. If the protocol is ICMP, this value must be an ICMP code.
`security_group_id`	body	string	The security group ID to associate with this security group rule.
`port_range_min` (Optional)	body	integer	The minimum port number in the range that is matched by the security group rule. If the protocol is TCP, UDP, DCCP, SCTP, or UDP-Lite, this value must be less than or equal to the `port_range_max` attribute value. If the protocol is ICMP, this value must be an ICMP type.
`remote_ip_prefix` (Optional)	body	string	The remote IP prefix that is matched by this security group rule.

Example 1

Create a single security group rule:

# curl -ks -H 'Content-Type: application/json' -H 'X-Auth-Token: gAAAAA<...>' -d '
{
    "security_group_rule": {
        "direction": "ingress",
        "port_range_min": "80",
        "ethertype": "IPv4",
        "port_range_max": "80",
        "protocol": "tcp",
        "security_group_id": "e7489f02-f846-46f2-9edf-cc5a2640041a"
    }
}' https://<node_IP_addr>:9696/v2.0/security-group-rules

Example 2

Create multiple security group rules:

# curl -ks -H 'Content-Type: application/json' -H 'X-Auth-Token: gAAAAA<...>' -d '
{
    "security_group_rules": [
        {
            "direction": "ingress",
            "port_range_min": "80",
            "ethertype": "IPv4",
            "port_range_max": "80",
            "protocol": "tcp",
            "security_group_id": "e7489f02-f846-46f2-9edf-cc5a2640041a"
        },
        {
            "direction": "ingress",
            "port_range_min": "443",
            "ethertype": "IPv4",
            "port_range_max": "443",
            "protocol": "tcp",
            "security_group_id": "e7489f02-f846-46f2-9edf-cc5a2640041a"
        }
    ]
}' https://<node_IP_addr>:9696/v2.0/security-group-rules

Response

Parameters

Name	In	Type	Description
`security_group_rule`	body	object	A `security_group_rule` object.
`id`	body	string	The ID of the security group rule.
`tenant_id`	body	string	The ID of the project.
`project_id`	body	string	The ID of the project.
`created_at`	body	string	Time at which the resource has been created. The date and time stamp format is ISO 8601: CCYY-MM-DDThh:mm:ss±hh:mm For example, `2015-08-27T09:49:58-05:00`. The `±hh:mm` value, if included, is the time zone as an offset from UTC. In this example, the offset value is `-05:00`.
`updated_at`	body	string	Time at which the resource has been updated. If the resource has not been updated, this field will be `null`. The date and time stamp format is ISO 8601: CCYY-MM-DDThh:mm:ss±hh:mm For example, `2015-08-27T09:49:58-05:00`. The `±hh:mm` value, if included, is the time zone as an offset from UTC. In this example, the offset value is `-05:00`.
`revision_number`	body	integer	The revision number of the resource.
`description`	body	string	A human-readable description for the resource.
`remote_group_id`	body	string	The remote group UUID to associate with this security group rule.
`remote_address_group_id`	body	string	The remote address group UUID that is associated with this security group rule.
`direction`	body	string	Ingress or egress, which is the direction in which the security group rule is applied.
`protocol`	body	string	The IP protocol represented by a string, an integer, or `null`. The string `any` (or integer `0`) means all IP protocols.
`ethertype`	body	string	Ethertype: IPv4 or IPv6.
`port_range_max`	body	integer	The maximum port number in the range that is matched by the security group rule.
`security_group_id`	body	string	The security group ID that is associated with this security group rule.
`port_range_min`	body	integer	The minimum port number in the range that is matched by the security group rule.
`remote_ip_prefix`	body	string	The remote IP prefix that is matched by this security group rule.
`belongs_to_default_sg`	body	boolean	Indicates if the security group rule belongs to the default security group of the project or not.

Status codes

Success

Code	Reason
`201 - Created`	Resource was created and is ready to use.

Error

Code	Reason
`400 - Bad Request`	Some content in the request was invalid.
`401 - Unauthorized`	User must authenticate before making a request.
`404 - Not Found`	The requested resource could not be found.
`409 - Conflict`	This operation conflicted with another operation on this resource.

Example

{
  "security_group_rule": {
    "id": "5e1786ee-59fc-43ef-8bc6-01d2001c8b59",
    "tenant_id": "39bbb405942f4fba80bb75e3db78e714",
    "security_group_id": "e7489f02-f846-46f2-9edf-cc5a2640041a",
    "ethertype": "IPv4",
    "direction": "ingress",
    "protocol": "tcp",
    "port_range_min": 80,
    "port_range_max": 80,
    "remote_ip_prefix": null,
    "remote_address_group_id": null,
    "normalized_cidr": null,
    "remote_group_id": null,
    "description": "",
    "created_at": "2025-04-11T15:48:11Z",
    "updated_at": "2025-04-11T15:48:11Z",
    "revision_number": 0,
    "project_id": "39bbb405942f4fba80bb75e3db78e714"
  }
}