User Guide

Modifying Security Group Rules

Last updated time: May 15, 2024, 17:46:12
Operation scenario
Improperly configured security group rules introduce security risks. You can ensure the network security of instances such as cloud servers by modifying the port number, protocol, and IP address of security group rules.
For more information about security group rules, please see Security Groups.
Prerequisites
A security group has been created and security group rules have been added to this security group.
If there is no security group yet, please see Security Groups to create a new security group.
Operation steps
1. Log in to the cloud server console.
2. In the left navigation tree, select "Servers" to go to the cloud server list page.
3. Find the instance whose details need to be viewed, and then click the "Instance ID" of this instance to go to the server details page.
4. On the server details page, select the "Security Group" tab, and in the security group column, select "Security Group List" again.
5. On the list page, for the security group to be operated on, you can go to the details page in either of the following two ways:
  • Click the "Security Group ID" in the "Security Group ID/Name" column.
  • Select "Configure Rules" in the operation column.
6. On the security group details page, locate the access rules and click the "Inbound" or "Outbound" tab as needed.
7. At the rule that needs to be edited, click "Edit" and make modifications according to the parameter description.
8. After confirming that the information is accurate, click the "Save" button. The editing operation is completed.

Parameter description

Parameter: Description
Direction:
  • Inbound: Traffic that accesses cloud resource instances from the outside. If not configured, access is denied by default.
  • Outbound: Traffic initiated by cloud resource instances.
Source/Target: IP address or CIDR block. IPv4 is supported, in the following formats:
  • Single IP address: for example, "192.168.1.100".
  • IP network segment: for example, "192.168.1.0/24".
  • All IP addresses: select or fill in "0.0.0.0/0".
Protocol: Protocol type. Supports protocols such as ALL (all protocols), TCP, UDP, ICMP, etc. The default value is TCP.
Port: Port range. The start port and end port can be set manually only when the protocol type is TCP or UDP.
  • Specified port: For example, if port 22 is specified, the start port is "22", and the end port is left blank or is "22".
  • Port range: For example, for consecutive ports from 80 to 90, the start port is "80" and the end port is "90".
  • All ports: All port ranges corresponding to the protocol type; select "All".
Policy: Allow or deny. Under the same priority, the deny policy takes precedence over the allow policy.
Priority: The priority can be selected in the range of 1-10, and the priority increases in turn. The default value is 1.
Remarks: A short custom description of the rule, for easier management later.
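
The following Python sketch is an added example, not part of the console or of any official tooling. It checks a planned rule against the parameter description above before you enter it, and flags inbound allow rules that expose all ports or an administrative port to "0.0.0.0/0". The dictionary keys, the port bounds 1-65535, the list of administrative ports, and treating a missing start port as "All" are assumptions of this example.

```python
import ipaddress

FULL = (1, 65535)         # assumption: the page gives no port bounds
ADMIN_PORTS = (22, 3389)  # assumption: ports this example treats as sensitive

def normalize_rule(rule):
    """Validate one rule dict (hypothetical keys) and apply the page's defaults."""
    out = {"direction": rule["direction"].lower(), "policy": rule["policy"].lower(),
           "protocol": rule.get("protocol", "TCP").upper(),   # default protocol: TCP
           "priority": int(rule.get("priority", 1)),          # default priority: 1
           "net": ipaddress.IPv4Network(rule["cidr"])}        # IPv4 only; single IP = /32
    if out["direction"] not in ("inbound", "outbound") or out["policy"] not in ("allow", "deny"):
        raise ValueError("bad direction or policy")
    if out["protocol"] not in ("ALL", "TCP", "UDP", "ICMP"):  # only protocols the page names
        raise ValueError("unsupported protocol")
    if not 1 <= out["priority"] <= 10:
        raise ValueError("priority must be 1-10")
    start, end = rule.get("start_port"), rule.get("end_port")
    if out["protocol"] not in ("TCP", "UDP") and (start, end) != (None, None):
        raise ValueError("ports can only be set for TCP or UDP")
    lo = FULL[0] if start is None else int(start)             # no start port = all ports
    hi = FULL[1] if start is None else (int(end) if end not in (None, "") else lo)
    if not FULL[0] <= lo <= hi <= FULL[1]:
        raise ValueError("bad port range")
    out["ports"] = None if out["protocol"] == "ICMP" else (lo, hi)
    return out

def audit(rules):
    """Return (index, message) for invalid rules and inbound allows exposed to 0.0.0.0/0."""
    findings = []
    for i, raw in enumerate(rules):
        try:
            r = normalize_rule(raw)
        except (KeyError, ValueError) as exc:
            findings.append((i, f"invalid: {exc}"))
            continue
        open_inbound = (r["direction"], r["policy"], r["net"].prefixlen) == ("inbound", "allow", 0)
        if open_inbound and r["ports"] and (
                r["ports"] == FULL or any(r["ports"][0] <= p <= r["ports"][1] for p in ADMIN_PORTS)):
            findings.append((i, "ports %d-%d open to 0.0.0.0/0" % r["ports"]))
    return findings

SAMPLE = [  # constructed rules, not from the page
    {"direction": "Inbound", "policy": "Allow", "cidr": "0.0.0.0/0", "start_port": 22},
    {"direction": "Inbound", "policy": "Allow", "cidr": "192.168.1.0/24", "start_port": 80, "end_port": 90},
    {"direction": "Inbound", "policy": "Allow", "cidr": "0.0.0.0/0", "protocol": "ICMP", "start_port": 8},
    {"direction": "Inbound", "policy": "Deny", "cidr": "192.168.1.100", "priority": 11},
]
```

Calling audit(SAMPLE) reports the first rule as exposed and the last two as invalid; the "192.168.1.0/24" rule for ports 80-90 passes.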

Related documents
Add security group rules in the security group console. For more details, please see Add Security Group Rules.
Modify security group rules in the security group console. For more details, please see Edit Security Group Rules.