A security group is a set of IP address filtering rules that define networking access for instances in a project. Security group rules are project-specific.

Each OpenStack project has a default security group. All instances in a project are included in the default security group unless you specify a different security group for them. By default, the default security group permits outgoing traffic but denies all incoming traffic to instances.

To change IP address filtering rules for instances in your project, you can create a new security group with the desired rules or modify the rules set in the default security group.


For NSX-T Data Center deployments, each port can have a maximum of nine security groups.