A security group is a set of rules that control the network traffic allowed to reach your virtual machines (VMs). These rules decide:
- What kind of traffic can come into the VM (incoming).
- What kind of traffic can go out from the VM (outgoing).
Each project has a default security group created automatically.This default group allows all types of traffic on all ports and cannot be deleted.
You can Create custom security groups with specific rules. Assign one or more security groups to new or existing VMs. When you update the rules in a security group (add or remove), the changes take effect immediately.
Note: Security group rules work only for IPv4 traffic. IPv6 is not supported.
Creating and deleting security groups
To create a security group
On the Security groups screen, click Add security group.
In the Add security group window, specify a name and description for the group, and then click Add.
By default, the new security group will deny all incoming traffic and allow only outgoing traffic to assigned virtual machines.
To delete a security group
On the Security groups screen, click the required security group.
On the group right pane, click Delete.
Click Delete in the confirmation window.
Note: You cannot delete a security group if it is assigned to a VM.
Managing security group rules
You can change security groups by adding new rules or removing existing ones. However, you cannot edit a rule directly. To make changes to an existing rule, you need to delete it and then create a new rule with the updated settings.
To add a rule to a security group
1. On the Security groups screen, click the security group to add a rule to.
2. On the group right pane, click Add in the Inbound or Outbound section to create a rule for incoming or outgoing traffic.
3. Click the check mark to save the changes.
To remove a rule from a security group
On the Security groups screen, click the required security group.
On the group right panel, click the bin icon next to a rule you want to remove.
As soon as the rule is removed, this change is applied to all of the virtual machines assigned to the security group.
Changing security group assignment
When you create a VM, you select security groups for the VM network interfaces. You can also change assigned security groups later.
Viewing Virtual Machines in a Security Group
- Go to the Security Groups screen and select the security group you want.
- On the right side, open the Assigned VMs tab to see all virtual machines in the group, along with their current status.
Click on a VM name to open its Overview page, where you can change the security group for its network interfaces.
Assigning a Security Group to a Virtual Machine
- Open the Virtual Machines screen and choose the VM you want to update.
- In the Overview tab, click the pencil icon in the Networks section.
- Next to the network interface you want to update, click the three dots (ellipsis icon) and select Edit.
- In the Edit Network Interface window, go to the Security Groups tab.
- Select one or more security groups from the drop-down menu and click Save.
The new security group rules will take effect immediately.