[OpenStack] Default Security Group - mystery box
by czezz from LinuxQuestions.org on (#5CZP4)
Technically, Default Security Group should block any incoming traffic to the instance AND allow any outgoing traffic from the instance.
However when I look at the details of the Default SG, it says ingress (where I would expect egress) and the port range is set to: none (which either it means 1- 65535 or maybe it means blocked any port?).
But then it doesnt make much sense to the first sentence.
Where is the definition to block all incoming traffic (ingress)
Where is the definition to open all outgoing traffic (I would expect egress with port range 1- 65535)
Can anyone shed some light on this, please?
Code:$ openstack security group rule show c610bfdd-bac6-4fb4-b513-b5dfe47c745d
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| description | |
| direction | ingress |
| ethertype | IPv4 |
| id | c610bfdd-bac6-4fb4-b513-b5dfe47c745d |
| port_range_max | None |
| port_range_min | None |
| project_id | 0fbad8bca66549dabe2d95c0d738fe41 |
| protocol | None |
| remote_group_id | f052b9b0-f3d3-41f4-b013-38d7cc885ebc |
| remote_ip_prefix | None |
| security_group_id | f052b9b0-f3d3-41f4-b013-38d7cc885ebc |
+-------------------+--------------------------------------+
However when I look at the details of the Default SG, it says ingress (where I would expect egress) and the port range is set to: none (which either it means 1- 65535 or maybe it means blocked any port?).
But then it doesnt make much sense to the first sentence.
Where is the definition to block all incoming traffic (ingress)
Where is the definition to open all outgoing traffic (I would expect egress with port range 1- 65535)
Can anyone shed some light on this, please?
Code:$ openstack security group rule show c610bfdd-bac6-4fb4-b513-b5dfe47c745d
+-------------------+--------------------------------------+
| Field | Value |
+-------------------+--------------------------------------+
| description | |
| direction | ingress |
| ethertype | IPv4 |
| id | c610bfdd-bac6-4fb4-b513-b5dfe47c745d |
| port_range_max | None |
| port_range_min | None |
| project_id | 0fbad8bca66549dabe2d95c0d738fe41 |
| protocol | None |
| remote_group_id | f052b9b0-f3d3-41f4-b013-38d7cc885ebc |
| remote_ip_prefix | None |
| security_group_id | f052b9b0-f3d3-41f4-b013-38d7cc885ebc |
+-------------------+--------------------------------------+