ECLAT-SG(1) Eclat User Reference ECLAT-SG(1)

eclat-sg - manipulate security groups

eclat sg [--input|--ingress|-I|--output|--egress|-O] -A|-D|--add|--delete [-Nn] [-G NAME] [-P PORT[-PORT]] [-g ID] [-p PROTO] [-s CIDR] [-u USER] [--group-id=ID] [--group-name=NAME] [--name] [--next, --new] [--port=PORT[-PORT]] [--protocol=PROTO] [--source=CIDR] [--user=USER] GROUP

eclat sg --list|-L [-n] [--name] [GROUP]

eclat sg -h

eclat sg --help

eclat sg --usage

The eclat sg command is used to list and configure EC2 security groups. When invoked with the --list (-L) argument, it displays information about the given group, or about all groups in the account if the GROUP argument is not provided. The argument is either the group ID or the group name. In the latter case, the --name (-n) option should be given.

When used with the --add (-A) option, the command adds rules to the security group. The rules to add are described by the command line options that follow. For example:

eclat sg --add --proto tcp --port 22 --source 192.0.2.0/24 sg-01234567

This command adds to the security group sg-01234567 a rule allowing access to port 22 from IP addresses in the range 192.0.2.0 - 192.0.2.255.

If --proto icmp is used, the --port option can be omitted.

Several rules can be added in one invocation. The --next (--new) option is used to separate them. E.g.:

eclat sg --add --proto tcp --port 22 --source 192.0.2.0/24 --next \
    --proto icmp --source 192.0.2.0/24 sg-01234567

The --delete (-D) option deletes existing rules, which are defined using the same syntax as described above.

By default, both --add and --delete operate on ingress rules. This can be changed by placing the --output (-O) option before them. The --output option remains in effect for all options that follow it. The --input option cancels its effect.

The --list (-L) option instructs the program to list rules in the named security group. If no group is specified, all existing groups will be listed.

--input, --ingress, -I
Operate on the ingress rules.
--output, --egress, -O
Operate on the egress rules.

These modifiers apply to all --add and --delete options that follow them, until another modifier or end of line is encountered.

By default, --input is assumed.

The --output modifier is valid only for EC2-VPC.

These options define the operation to be performed over the security group. A valid invocation of the sg subcommand must contain exactly one of these:
-A, --add
Add rules.
-D, --delete
Delete rules.
-L, --list
List rules.

The options below are used to define the rules. Unless --list is requested, at least one rule must be defined.

A rule defines a set of IPv4 addresses and a port range that these are allowed to access. The IP addresses can be specified either in dotted-quad notation or as host names and can optionally be followed by a / and the network mask length or the network mask. For example: 192.0.2.0/24 or 192.0.2.0/255.255.255.0. A missing netmask part implies a network mask length of 32.

Another way of defining IP addresses is by supplying the name or ID of another EC2 security group.

-G, --group-name=NAME
Sets source group name.
-P, --port=PORT[-PORT]
Destination port number or range. Each PORT can be either a port number in decimal or a service name from services(5).
-g, --group-id=ID
Sets source group ID.
-p, --protocol=PROTO
Protocol name or number.
-s, --source=CIDR
Source CIDR. The argument is an IPv4 address or host name, optionally followed by a / and the network mask length in decimal or the network mask in dotted-quad notation.
-u, --user=USER
User name for the subsequent --group-name or --group-id option.
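
The source forms and the --next separator described above, as an added example that is not part of eclat or of this manual page: shell functions that convert a dotted-quad mask to a mask length, apply the default of 32, refuse overly broad sources, and print (without running) a multi-rule eclat sg --add command. The function names and the MIN_LEN policy value are assumptions of this example; host names are passed through unchecked.

```sh
# Added example (not part of eclat). It only prints the command; nothing is run.

# mask_to_len MASK: dotted-quad netmask -> mask length (fails if non-contiguous).
mask_to_len() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    len=0; seen_zero=0
    for octet in "$@"; do
        case $octet in ''|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        bit=128
        while [ "$bit" -ge 1 ]; do
            if [ $((octet & bit)) -eq 0 ]; then seen_zero=1
            elif [ "$seen_zero" -eq 1 ]; then return 1   # a 1 after a 0: not a netmask
            else len=$((len + 1)); fi
            bit=$((bit / 2))
        done
    done
    echo "$len"
}

# normalize_source SPEC: ADDR, ADDR/LEN or ADDR/MASK -> ADDR/LEN (no mask means /32).
# ADDR itself is passed through unchecked, since eclat also accepts host names.
normalize_source() {
    case $1 in */*) mask=${1#*/} ;; *) mask=32 ;; esac
    case $mask in
        *.*) mask=$(mask_to_len "$mask") || return 1 ;;
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$mask" -le 32 ] || return 1
    echo "${1%%/*}/$mask"
}

# sg_add_cmd GROUP PROTO PORT SOURCE...: print one `eclat sg --add` invocation,
# one rule per source, joined by --next. MIN_LEN (assumed policy, default 16) is
# the shortest mask length allowed, so 0.0.0.0/0 is refused.
sg_add_cmd() {
    group=$1; proto=$2; port=$3; shift 3
    [ $# -ge 1 ] || return 1
    cmd="eclat sg --add"; sep=""
    for src in "$@"; do
        cidr=$(normalize_source "$src") || { echo "bad source: $src" >&2; return 1; }
        [ "${cidr#*/}" -ge "${MIN_LEN:-16}" ] || { echo "too broad: $cidr" >&2; return 1; }
        cmd="$cmd$sep --protocol $proto --port $port --source $cidr"
        sep=" --next"
    done
    echo "$cmd $group"
}
```

Calling sg_add_cmd sg-01234567 tcp 22 192.0.2.0/255.255.255.0 198.51.100.7 prints a two-rule command in which the sources appear as 192.0.2.0/24 and 198.51.100.7/32.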

-n, --name
The GROUP argument is a group name. Without this option it is treated as the group ID.
-N, --next, --new
Begins next rule.

-h, --help
Give a terse help summary.
--usage
List command line syntax and available options.

eclat(1), eclat-lssg(1), eclat-mksg(1), eclat-rmsg(1).

Sergey Poznyakoff

Report bugs to <bug-eclat@gnu.org.ua>.

Copyright © 2012-2018 Sergey Poznyakoff
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.

November 19, 2015 ECLAT
