Removes a rule from a security group.
euca-revoke group_name [--egress] [-P {tcp,udp} -p port_range] [-s cidr_range]
euca-revoke group_name [--egress] [-P icmp -t type:code] [-s cidr_range]
Option | Description | Required |
---|---|---|
group_name | Name of the security group to remove the rule from. | Yes |
--egress | (VPC only) Manage an egress rule, which controls traffic leaving the group. Default: If this option is not specified, the rule is an ingress rule (applies to traffic entering the group). | No |
-P, --protocol protocol \| protocol_number | IP protocol name or number. Valid values: tcp \| udp \| icmp \| -1/all. Note: In VPC security groups you can also specify arbitrary IANA-assigned protocol numbers, as well as the special values "all" and "-1", which refer to all network traffic. As a convenience, if a protocol is specified by name, euca-authorize and euca-revoke will consult /etc/protocols to discover its number. | No |
-p port_range | Specifies the range of ports to allow for TCP and UDP. Not valid for ICMP. Valid values: Single integer or range (min-max). Use -1 to specify all ports. | Conditional |
-t, --icmp-type-code | ICMP type and code specified as "type:code". Only works if you specify ICMP as the protocol. | Conditional |
-o, --source-group source_group | (Non-VPC only) Group from which traffic is authorized by the rule. Every instance in the security group is allowed to pass traffic. | No |
-u, --source-group-user source_group_user | ID of the security group user you name in the -o parameter. | No |
-s, --source-subnet source_subnet | Addresses to apply the rule to. Default: 0.0.0.0/0 | No |

Option | Description |
---|---|
--show-empty-fields | Show empty fields as "(nil)". |
--region user@region | Region and/or user name to search when looking up config file data. Only valid for EC2 endpoints. |
-U,--url url | URL of the cloud service to connect to. For administrative commands, this should be <ip_address>:8773/services/Empyrean. |
-I,--access-key-id key_id | User's access key ID. |
-S,--secret-key secret_key | User's secret key. |
--security-token token | User's security token. |
--debug | Prints what the command sends to the server and what it receives from the server. Use when you're trying to debug Euca2ools. |
--debugger | Enable interactive debugger on error. |
-h,--help | Display the manual page for the command. |
--version | Display the version of this tool. |

```
euca-revoke default -P tcp -p 80 -s 0.0.0.0/0
GROUP default
PERMISSION default ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0

euca-revoke -P tcp -p 6697-7000 -s 1.2.3.0/24 mygroup
GROUP mygroup
PERMISSION mygroup ALLOWS tcp 6697 7000 FROM CIDR 1.2.3.0/24

euca-revoke -P icmp -t 0:0 -o othergroup -u 1234567890 mygroup
GROUP mygroup
PERMISSION mygroup ALLOWS icmp USER 1234567890 GRPNAME othergroup FROM CIDR 0.0.0.0/0
```
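
A common use of this command is tightening groups that still expose ports to 0.0.0.0/0. The helper below is an added example, not part of Euca2ools or of the original guide: it reads PERMISSION records in the format printed in the examples above (assumed here to be one record per line) and prints, without running them, the euca-revoke commands for world-open TCP/UDP rules. The function names and the allow-list argument are hypothetical, and the sample input is constructed.

```shell
#!/bin/sh
# Added example: emit (not run) euca-revoke commands for world-open TCP/UDP rules.
# Input: PERMISSION lines in the shape shown in this page's example output:
#   PERMISSION <group> ALLOWS <proto> <from_port> <to_port> FROM CIDR <cidr>
# $1 (optional, hypothetical knob): comma-separated ports allowed to stay public.
revoke_world_open() {
    awk -v keep="${1:-}" '
    BEGIN { n = split(keep, k, ","); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
    $1 != "PERMISSION" || $3 != "ALLOWS" { next }        # GROUP lines, noise
    $4 != "tcp" && $4 != "udp" { next }                  # ICMP/group rules differ in shape
    $7 != "FROM" || $8 != "CIDR" || $9 != "0.0.0.0/0" { next }
    $2 !~ /^[A-Za-z0-9._-]+$/ { next }                   # never echo odd names into a command
    $5 !~ /^-?[0-9]+$/ || $6 !~ /^-?[0-9]+$/ { next }    # ports must be integers (-1 = all)
    $5 == $6 && ($5 in ok) { next }                      # explicitly allowed public port
    {
        range = ($5 == $6) ? $5 : $5 "-" $6
        printf "euca-revoke %s -P %s -p %s -s %s\n", $2, $4, range, $9
    }'
}

# Constructed sample input (not real cloud output).
sample_rules() {
    cat <<'EOF'
GROUP default
PERMISSION default ALLOWS tcp 80 80 FROM CIDR 0.0.0.0/0
PERMISSION default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0
PERMISSION mygroup ALLOWS tcp 6697 7000 FROM CIDR 1.2.3.0/24
PERMISSION mygroup ALLOWS udp 1000 2000 FROM CIDR 0.0.0.0/0
PERMISSION mygroup ALLOWS icmp USER 1234567890 GRPNAME othergroup FROM CIDR 0.0.0.0/0
EOF
}

# Review the generated commands before running any of them.
sample_rules | revoke_world_open 80,443
```

Rules with a group source or ICMP are skipped on purpose, since their record layout differs; review those by hand.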