Is there any ordering rules in applying security groups?

Solution Verified - Updated -


  1. I had created the project with two networks A and B and with two security groups, default and Allpermit, and created an instance that connected network A and set security group Allpermit.

    • Default Security group: Set to allow transmission only within the same group
    • Allpermit security group: Allow all transmission and reception
  2. Then, we added another network B with the nova interface-attach command, and after network B was added, the security group default was applied to the whole instance.

  • Question 1: Is it possible to specify a security group when adding a network with the nova interface-attach command?
  • Question 2: When applying / deleting a security group from Dashboard, if applying security group Allpermit first, does Allpermit override the filtering of default security group added later?
    • If you assign or delete a security group from the Dashboard to an instance with two networks, Is only the security group added earlier valid?
    • In other words, if you want to apply a separate security group to each network port, you must use the CLI to specify a security group with neutron port-update --security-group SECURITY_GROUP PORT ?


  • Red Hat OpenStack Platform 7.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In