Listing security group default rules

GET /v2.0/default-security-group-rules

List security group rules that are used for every newly created security group.

Source: https://docs.openstack.org/api-ref/network/v2/index.html#list-security-group-default-rules

Request

Parameters

Name In Type Description
id (Optional) query string Filter the list result by the ID of the resource.
description (Optional) query string Filter the list result by the human-readable description of the resource.
remote_group_id (Optional) query string Filter the security group rule list result by the ID of the remote group that associates with this security group rule.
remote_address_group_id (Optional) query string Filter the security group rule list result by the ID of the remote address group that associates with this security group rule.
direction (Optional) query string Filter the security group rule list result by the direction in which the security group rule is applied, which is ingress or egress.
protocol (Optional) query string Filter the security group rule list result by the IP protocol.
ethertype (Optional) query string Filter the security group rule list result by the Ethertype of network traffic. The value must be IPv4 or IPv6.
port_range_max (Optional) query integer Filter the security group rule list result by the maximum port number in the range that is matched by the security group rule.
port_range_min (Optional) query integer Filter the security group rule list result by the minimum port number in the range that is matched by the security group rule.
remote_ip_prefix (Optional) query string Filter the list result by the remote IP prefix that is matched by this security group rule.
used_in_default_sg (Optional) query boolean Filter by security group rule templates which should be used in default security group created automatically for each new project.
used_in_non_default_sg (Optional) query boolean Filter by security group rule templates which should be used in custom security groups created by project users.
sort_dir (Optional) query string Sort direction. A valid value is asc (ascending) or desc (descending). You can specify multiple pairs of sort key and sort direction query parameters.
sort_key (Optional) query string

Sorts by a security group attribute. You can specify multiple pairs of sort key and sort direction query parameters. The sort keys are limited to:

  • direction
  • ethertype
  • id
  • port_range_max
  • port_range_min
  • protocol
  • remote_group_id
  • remote_ip_prefix
  • security_group_id
  • tenant_id
  • project_id
fields (Optional) query string The fields that you want the server to return. If no fields query parameter is specified, the networking API returns all attributes allowed by the policy settings. By using the fields parameter, the API returns only the requested set of attributes. The fields parameter can be specified multiple times. For example, if you specify fields=id&fields=name in the request URL, only the id and name attributes will be returned.

Example

# curl -ks -H 'Content-Type: application/json' -H 'X-Auth-Token: gAAAAA<...>' \
https://<node_IP_addr>:9696/v2.0/default-security-group-rules

Response

Parameters

Name In Type Description
default_security_group_rules body array A list of default_security_group_rule objects.
id body string The ID of the security group rule.
description body string A human-readable description for the resource.
remote_group_id body string The remote group UUID to associate with this security group rule.
remote_address_group_id body string The remote address group UUID that is associated with this security group rule.
direction body string Ingress or egress, which is the direction in which the security group rule is applied.
protocol body string The IP protocol represented by a string, an integer, or null. The string any (or integer 0) means all IP protocols.
ethertype body string Ethertype: IPv4 or IPv6.
port_range_max body integer The maximum port number in the range that is matched by the security group rule.
port_range_min body integer The minimum port number in the range that is matched by the security group rule.
remote_ip_prefix body string The remote IP prefix that is matched by this security group rule.
used_in_default_sg body boolean Indicates whether this security group rule template will be used in the default security group created automatically for each new project.
used_in_non_default_sg body boolean Indicates whether this security group rule template will be used in custom security groups created by a project user.

Status codes

Success

Code Reason
200 - OK Request was successful.

Error

Code Reason
401 - Unauthorized

User must authenticate before making a request.

Example

{
  "default_security_group_rules": [
    {
      "id": "016e6f70-c306-43d5-b386-8113e84b432f",
      "ethertype": "IPv4",
      "direction": "ingress",
      "protocol": null,
      "port_range_min": null,
      "port_range_max": null,
      "remote_ip_prefix": "0.0.0.0/0",
      "remote_address_group_id": null,
      "remote_group_id": null,
      "description": "Legacy default SG rule for ingress traffic",
      "used_in_default_sg": true,
      "used_in_non_default_sg": false
    },
    {
      "id": "a7e08175-2486-40b0-8a1d-a766087e6923",
      "ethertype": "IPv6",
      "direction": "ingress",
      "protocol": null,
      "port_range_min": null,
      "port_range_max": null,
      "remote_ip_prefix": "::/0",
      "remote_address_group_id": null,
      "remote_group_id": null,
      "description": "Legacy default SG rule for ingress traffic",
      "used_in_default_sg": true,
      "used_in_non_default_sg": false
    }
  ]
}