Is there any ordering rules in applying security groups?

Solution Verified - Updated -


  1. I had created the project with two networks A and B and with two security groups, default and Allpermit, and created an instance that connected network A and set security group Allpermit.

    • Default Security group: Set to allow transmission only within the same group
    • Allpermit security group: Allow all transmission and reception
  2. Then, we added another network B with the nova interface-attach command, and after network B was added, the security group default was applied to the whole instance.

  • Question 1: Is it possible to specify a security group when adding a network with the nova interface-attach command?
  • Question 2: When applying / deleting a security group from Dashboard, if applying security group Allpermit first, does Allpermit override the filtering of default security group added later?
    • If you assign or delete a security group from the Dashboard to an instance with two networks, Is only the security group added earlier valid?
    • In other words, if you want to apply a separate security group to each network port, you must use the CLI to specify a security group with neutron port-update --security-group SECURITY_GROUP PORT ?


  • Red Hat OpenStack Platform 7.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content