You can modify a security group by adding and removing rules assigned to that group. Rules define which traffic is allowed to instances that are assigned to the security group.


  1. Log in to the VMware Integrated OpenStack dashboard as a cloud administrator.
  2. Select the project from the drop-down menu in the title bar.
  3. Select Project > Compute > Access & Security.
  4. Click the Security Groups tab.
  5. Select the security group to modify and click Manage Rules.
  6. To remove a rule, select the rule and click Delete Rule.
  7. To add a rule, click Add Rule and select the custom rule to add from the Rule drop-down menu.



    Custom TCP Rule

    Used to exchange data between systems and for end-user communication.

    Custom UDP Rule

    Used to exchange data between systems, for example, at the application level.

    Custom ICMP Rule

    Used by network devices, such as routers, to send error or monitoring messages.

    Other Protocol

    You can manually configure a rule if the rule protocol is not included in the list.

    1. From the Remote drop-down list, select CIDR or Security Group.
    2. If applicable, select Ingress or Egress from the Direction drop-down menu.

      For TCP and UDP rules, you can open either a single port or a range of ports. Depending on your selection, different fields appear below the Open Port list.

    3. Select the kind of access to allow.



      CIDR (Classless Inter-Domain Routing)

      Limits access only to IP addresses within the specified block.

      Security Group

      Allows any instance in the specified security group to access any other group instance.

      You can choose between IPv4 or IPv6 in the Ether Type list.

  8. Click Add.


The new rule appears on the Manage Security Group Rules page for the security group.