Security Groups

Overview

Security groups act as virtual firewalls that control inbound and outbound network traffic for instances. Each instance port can have one or more security groups assigned. Security group rules apply to all traffic on that port.

Prerequisites

An active instance with at least one network interface
Existing security groups with configured rules
For creating security groups, see Network Security Groups

Manage Security Groups on an Instance

Dashboard
CLI

Open the Manage Security Group dialog

Navigate to Compute > Instances. Click the More dropdown on the instance row, then select Manage Security Group under the Related Resources group.

This action is always available regardless of instance status. No lock check is required.

Select a port

The dialog shows:

Field	Description
Instance	Current instance name (read-only)
Port	Select the network interface to configure (required)

The port table shows all instance interfaces with:

Column	Description
ID	Port identifier
Network Name	Network the port belongs to
IPv4 Address	Assigned IPv4 address
IPv6 Address	Assigned IPv6 address
MAC Address	Hardware address
Status	Port status

Ports with port security disabled cannot have security groups assigned. These ports are shown as disabled in the selection table.

Select security groups

After selecting a port, the Security Group table loads with the port’s current security groups pre-selected.Add or remove security groups by toggling the checkboxes. Multiple security groups can be assigned to a single port.Click Confirm to apply the changes.

Security group assignment updated for the selected port.

Source credentials

source openrc.sh

openstack server add security group <INSTANCE_ID> <SECURITY_GROUP>

CLI commands apply security groups to all ports on the instance. For per-port security group management, use the openstack port set command:

Set security groups on a specific port

openstack port set --security-group <SG_ID> <PORT_ID>

View Instance Security Groups

Dashboard
CLI

Navigate to Compute > Instances and click the instance name. Go to the Security Groups tab to view all security groups assigned to each interface.

List security groups on an instance

openstack server show <INSTANCE_ID> -c security_groups

Next Steps

Network Security Groups

Create security groups and configure inbound/outbound rules

Manage IP Addresses

Associate floating IPs to make instances reachable externally

Launch an Instance

Assign security groups during instance creation

Troubleshooting

Resolve connectivity issues related to security group rules

Core Services

Other Services

Security Groups

Overview

Manage Security Groups on an Instance

Open the Manage Security Group dialog

Select a port

Select security groups

View Instance Security Groups

Next Steps

Network Security Groups

Manage IP Addresses

Launch an Instance

Troubleshooting

Core Services

Other Services

Documentation Index

​Overview

​Manage Security Groups on an Instance

Open the Manage Security Group dialog

Select a port

Select security groups

​View Instance Security Groups

​Next Steps

Network Security Groups

Manage IP Addresses

Launch an Instance

Troubleshooting

Overview

Manage Security Groups on an Instance

View Instance Security Groups

Next Steps