github.com/huaweicloud/golangsdk@v0.0.0-20210831081626-d823fe11ceba/openstack/networking/v2/extensions/security/doc.go

// Package security contains functionality to work with Neutron security group
// and security group rule resources.
//
// Security groups and security group rules allow administrators and tenants
// to specify the type of traffic and direction (ingress/egress) that is
// allowed to pass through a port. A security group is a container for
// security group rules.
//
// When a port is created in Networking it is associated with a security group.
// If a security group is not specified, the port is associated with a 'default'
// security group. By default, this group drops all ingress traffic and allows
// all egress. Rules can be added to this group in order to change the behaviour.
//
// The basic characteristics of Neutron Security Groups are:
//
// For ingress traffic (to an instance)
//  - Only traffic matched with security group rules is allowed.
//  - When there is no rule defined, all traffic is dropped.
//
// For egress traffic (from an instance)
//  - Only traffic matched with security group rules is allowed.
//  - When there is no rule defined, all egress traffic is dropped.
//  - When a new security group is created, rules to allow all egress traffic
//    are automatically added.
//
// A "default security group" is defined for each tenant.
//  - For the default security group, a rule which allows intercommunication
//    among hosts associated with the default security group is defined by default.
//  - As a result, all egress traffic and intercommunication in the default
//    group are allowed and all ingress from outside of the default group is
//    dropped by default (in the default security group).
package security
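
The rule-matching semantics described in the package comment above, as an added example: a local Go model, not code from golangsdk or Neutron. The Rule, Packet and Group types, their fields and the three functions are hypothetical names, and matching on protocol and port range is an assumption about how a rule narrows "the type of traffic".

```go
package main

import "fmt"

// Local model only: all names are hypothetical and nothing here calls Neutron or the SDK.
type Rule struct {
	Direction        string // "ingress" or "egress"
	Protocol         string // "" matches any protocol
	PortMin, PortMax int    // PortMax == 0 matches any port
	RemoteGroupID    string // "" matches any peer
}

type Packet struct {
	Direction, Protocol, PeerGroupID string // PeerGroupID is "" for peers outside any group
	Port                             int
}

type Group struct {
	ID    string
	Rules []Rule
}

// NewGroup models group creation: an allow-all egress rule is added automatically.
func NewGroup(id string) *Group {
	return &Group{ID: id, Rules: []Rule{{Direction: "egress"}}}
}

// NewDefaultGroup models the per-tenant default group: it also allows ingress from its own members.
func NewDefaultGroup(id string) *Group {
	g := NewGroup(id)
	g.Rules = append(g.Rules, Rule{Direction: "ingress", RemoteGroupID: id})
	return g
}

// Allowed reports whether some rule matches the packet; with no matching rule it is dropped.
func (g *Group) Allowed(p Packet) bool {
	for _, r := range g.Rules {
		if r.Direction == p.Direction && (r.Protocol == "" || r.Protocol == p.Protocol) &&
			(r.PortMax == 0 || (p.Port >= r.PortMin && p.Port <= r.PortMax)) &&
			(r.RemoteGroupID == "" || r.RemoteGroupID == p.PeerGroupID) {
			return true
		}
	}
	return false
}

func main() { // constructed sample: a fresh group has no ingress rules, so this prints false
	fmt.Println(NewGroup("web").Allowed(Packet{Direction: "ingress", Protocol: "tcp", Port: 22}))
}
```

Removing the automatically added egress rule from a group leaves it with no egress match, so outbound traffic is dropped as well.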