Limitation in security group rules
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
OpenStack Compute (nova) | Fix Released | Wishlist | MotoKen |
Bug Description
When creating security group rules using groups as source, only one rule per combination source group / destination groups is allowed.
Example:
$ nova secgroup-
$ nova secgroup-list-rules webservers
+------
| IP Protocol | From Port | To Port | IP Range | Source Group |
+------
| tcp | 22 | 22 | 0.0.0.0/0 | |
| tcp | 80 | 80 | | default |
+------
$ nova secgroup-
This rule already exists in group 695 (HTTP 400)
Changed in nova:
importance: Undecided → Wishlist
status: New → Confirmed
tags: added: security-groups
Changed in nova:
milestone: none → essex-4
status: Fix Committed → Fix Released
Changed in nova:
milestone: essex-4 → 2012.1
tags: added: diablo-backport
Can't you just specify the range as 80 to 81 like so:
nova secgroup-add-group-rule --ip_proto tcp --from_port 80 --to_port 81 webservers default
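The reported behaviour and the range workaround suggested in the comment above, as an added Python model (not nova's code and not part of the bug report). The class and function names, the `coarse_check` switch and the 80/443 ports are assumptions made for illustration; the model goes slightly beyond the thread by listing the extra ports a single spanning range opens when the wanted ports are not adjacent.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class GroupRule:
    protocol: str
    from_port: int
    to_port: int
    source_group: str

class DuplicateRule(Exception):
    """Stands in for the HTTP 400 'This rule already exists' response."""

class SecurityGroup:
    def __init__(self, name, coarse_check):
        self.name = name
        self.coarse_check = coarse_check  # True models the behaviour reported in this bug
        self.rules = []

    def _key(self, rule):
        # Coarse: one rule per source group. Fine: protocol and ports also count.
        return rule.source_group if self.coarse_check else rule

    def add(self, rule):
        if any(self._key(r) == self._key(rule) for r in self.rules):
            raise DuplicateRule(f"This rule already exists in group {self.name}")
        self.rules.append(rule)

def try_add(group, rule):
    """Return True if the rule was accepted, False if rejected as a duplicate."""
    try:
        group.add(rule)
        return True
    except DuplicateRule:
        return False

def excess_ports(group, source_group, protocol, wanted):
    """Ports opened to source_group that were not in the wanted list."""
    opened = {p for r in group.rules
              if r.source_group == source_group and r.protocol == protocol
              for p in range(r.from_port, r.to_port + 1)}
    return sorted(opened - set(wanted))

if __name__ == "__main__":
    # Constructed scenario: ports 80 and 443 are sample values, not from the report.
    coarse = SecurityGroup("webservers", coarse_check=True)
    print(try_add(coarse, GroupRule("tcp", 80, 80, "default")))    # accepted
    print(try_add(coarse, GroupRule("tcp", 443, 443, "default")))  # rejected
    widened = SecurityGroup("webservers", coarse_check=True)
    widened.add(GroupRule("tcp", 80, 443, "default"))  # range workaround
    print(len(excess_ports(widened, "default", "tcp", [80, 443])))
```

With adjacent ports such as 80 and 81 the spanning range is exact; with non-adjacent ports every port in between is also reachable from the source group.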