Add a security group rule

Describes how to add a security group rule in the KSV web console.

This topic describes how to add a security group rule in the KubeSphere Virtualization (KSV) web console.

KSV provides preset security group rules. You can add a security group rule based on business requirements. User admin can add rules to all security groups in your cluster. Project administrators and operators can add rules to the security groups created on their own, and project viewers can view only the security group rules created in the projects to which they belong.

Prerequisites

A security group is created, and inbound and outbound traffic is planned for the resources in the security group.

Procedure

Log in to the KSV web console.
In the top navigation bar, click Virtual Resources to go to the management page of virtual resources.
In the left-side navigation pane, click Security Groups.
On the Security Groups page, click the name of a security group to view its details.
On the right side of the details page, click Add Rule.

In the dialog box that appears, configure parameters for the security group rule. You can also select a preset rule in the Preset Rules section.

Parameter	Description
Name	The name of the security group rule. The name can contain only lowercase letters, digits, and hyphens (-), and must start and end with a lowercase letter or a digit. The name can contain up to 16 characters in length.
Direction	The direction of the traffic that the security group rule controls. Outbound Traffic: controls the outbound traffic of the resources associated with the security group. By default, the outbound traffic is allowed. Inbound Traffic: controls the inbound traffic of the resources associated with the security group. By default, the inbound traffic is denied unless it matches a rule that allows the traffic.
Protocol	The protocol that corresponds to the security group rule. Valid values: ALL: supports all protocol types. TCP UDP ICMP
Source Port	Sets the source port for a preset security group rule.
Destination Port	Sets the destination port for a preset security group rule.
Type	The object on which the security group rule takes effect. IP Address: the IP address range in which the security group rule takes effect. Security Group：the security group in which the security group rule takes effect.
Destination IP Address	The IP address on which the security group rule takes effect when Direction is set to Outbound Traffic.
Source IP Address	The IP address on which the security group rule takes effect when Direction is set to Inbound Traffic.

Name

The name of the security group rule.

The name can contain only lowercase letters, digits, and hyphens (-), and must start and end with a lowercase letter or a digit. The name can contain up to 16 characters in length.

Direction

The direction of the traffic that the security group rule controls.

Outbound Traffic: controls the outbound traffic of the resources associated with the security group. By default, the outbound traffic is allowed.
Inbound Traffic: controls the inbound traffic of the resources associated with the security group. By default, the inbound traffic is denied unless it matches a rule that allows the traffic.

Protocol

The protocol that corresponds to the security group rule. Valid values:

ALL: supports all protocol types.
TCP
UDP
ICMP

Source Port

Sets the source port for a preset security group rule.

Destination Port

Sets the destination port for a preset security group rule.

Type

The object on which the security group rule takes effect.

IP Address: the IP address range in which the security group rule takes effect.
Security Group：the security group in which the security group rule takes effect.

Destination IP Address

The IP address on which the security group rule takes effect when Direction is set to Outbound Traffic.

Source IP Address

The IP address on which the security group rule takes effect when Direction is set to Inbound Traffic.

Click OK. The security group rule appears in the security group rule list after it is added.