A security group is a set of rules that control the inbound and outbound traffic of network interfaces. It is a stateful, packet-filtering virtual firewall that can enforce network access control for one or more cloud servers, and it is an important means of network security isolation. Security groups follow the whitelist principle: inbound and outbound traffic of network interfaces is rejected by default, and you add security group rules as needed to allow traffic to pass.

Create Security Group

Scenarios

On the security group console page, create a security group.

Directions

  1. Log in .
  2. In the left navigation tree, select "Security Group" to open the security group list page, then click "New".


  3. On the new security group page, complete the following configuration according to the prompts and parameter descriptions on the page.


  4. After confirming that the information is accurate, click the "Submit" button to complete the creation.

Parameters

| Parameter | Description |
| --- | --- |
| Name | • Custom: Set the name of the security group. • Auto-generated: If not modified, the system will generate it automatically. |
| Description | Customize and briefly describe the rules for easy later management. |
| Direction | • Inbound: Inbound traffic for accessing cloud resource instances from outside. If not configured, access is denied by default. • Outbound: Outbound traffic initiated by cloud resource instances actively. |
| Source/Target | IPv4 IP addresses or CIDR blocks can be filled in according to a specific format. When adding new ones, multiple source or target records can be added in batches. • Single IP address: e.g., "192.168.1.100" • Multiple IP addresses: separated by commas, e.g., "192.168.1.100,192.168.1.200" • IP network segment: e.g., "192.168.1.0/24" • All IP addresses: Select or fill in "0.0.0.0/0" |
| Protocol | Protocol types: Support ALL (all protocols), TCP, UDP, ICMP and other protocols. The default value is TCP. |
| Port | Port range. Only when the protocol type is TCP or UDP, the start port and end port can be set manually. • Specified port: e.g., if port 22 is specified, the start port is "22", and the end port is not filled or is "22". • Port range: e.g., for consecutive ports from 80 to 90, the start port is "80" and the end port is "90". • All ports: All port ranges corresponding to the protocol type. Select "All". |
| Policy | Allow or deny. In the case of the same priority, the deny policy takes precedence over the allow policy. |
| Priority | The priority can be selected in the range of 1–10, and the priority increases in turn. The default value is 1. |
| Remarks | Customize and briefly describe the rules for easy later management. |
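
The parameter formats above can be checked before a rule set is entered in the console. The following Python linter is an added example, not part of the original documentation or the provider's tooling; it flags malformed fields, inbound allow rules open to 0.0.0.0/0, and allow rules that overlap a deny rule of the same priority. The rule dictionary layout (`dir`, `source`, `proto`, `start`, `end`, `policy`, `prio`), a missing `start` standing for "All" ports, and the 1-65535 port bounds are assumptions.

```python
import ipaddress
PROTOCOLS = {"ALL", "TCP", "UDP", "ICMP"}  # protocol types named on the page
ANY = ipaddress.IPv4Network("0.0.0.0/0")

def nets(rule):
    """Source/Target: one IPv4 address, comma-separated addresses, or a CIDR block."""
    try:
        return [ipaddress.IPv4Network(p.strip()) for p in rule["source"].split(",")]
    except ValueError:  # malformed address, or a CIDR block with host bits set
        return []

def ports(rule):
    """(start, end); the full range when the protocol is not TCP/UDP or ports are 'All'."""
    start, end = rule.get("start"), rule.get("end")
    if rule["proto"] not in ("TCP", "UDP") or start is None:  # None stands for "All"
        return 1, 65535  # assumed bounds; the page does not state them
    return start, start if end is None else end  # empty end port means a single port

def check(rule):
    """Field problems of one rule; an empty list means it is well-formed."""
    lo, hi = ports(rule)
    world_open = ANY in nets(rule) and (rule["dir"], rule["policy"]) == ("inbound", "allow")
    tests = [(rule["proto"] not in PROTOCOLS, "unknown protocol"),
             (not 1 <= rule["prio"] <= 10, "priority outside 1-10"),
             (not 1 <= lo <= hi <= 65535, "bad port range"),
             (not nets(rule), "bad source/target"),
             (world_open, "inbound allow from 0.0.0.0/0")]
    return [msg for failed, msg in tests if failed]

def overlaps(a, b):  # True when two rules can match the same traffic
    proto = a["proto"] == b["proto"] or "ALL" in (a["proto"], b["proto"])
    (alo, ahi), (blo, bhi) = ports(a), ports(b)
    return (a["dir"] == b["dir"] and proto and alo <= bhi and blo <= ahi
            and any(x.overlaps(y) for x in nets(a) for y in nets(b)))

def lint(rules):
    """Field problems, plus allow rules that overlap a deny rule of the same priority."""
    found = [(i, p) for i, r in enumerate(rules) for p in check(r)]
    found += [(i, f"deny rule {j} at the same priority takes precedence")
              for i, a in enumerate(rules) for j, d in enumerate(rules)
              if (a["policy"], d["policy"], a["prio"]) == ("allow", "deny", d["prio"]) and overlaps(a, d)]
    return found

SAMPLE = [  # constructed rules, not taken from the page
    {"dir": "inbound", "source": "0.0.0.0/0", "proto": "TCP", "start": 22, "policy": "allow", "prio": 1},
    {"dir": "inbound", "source": "192.168.1.0/24", "proto": "TCP", "start": 80, "end": 90, "policy": "allow", "prio": 2},
    {"dir": "inbound", "source": "192.168.1.100,192.168.1.200", "proto": "TCP", "start": 85, "policy": "deny", "prio": 2},
    {"dir": "outbound", "source": "192.168.1.100/24", "proto": "UDP", "start": 53, "policy": "allow", "prio": 11},
]
```

`lint(SAMPLE)` returns `(rule index, message)` pairs; a same-priority finding means the deny rule wins for the overlapping traffic, so the allow rule may not admit everything it appears to.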