Euca2ools Guide / EC2-Compatible Commands
Parent topic: EC2-Compatible Commands

euca-revoke

Removes a rule from a security group.

Syntax

euca-revoke  group_name [--egress] [-P {tcp,udp} -p port_range] [-s cidr_range]
euca-revoke  group_name [--egress] [-P icmp -t type:code] [-s cidr_range]

Options

Option Description Required
group_name Name of the security group to add the rule to. Yes
--egress (VPC only) Manage an egress rule, which controls traffic leaving the group.

Default: If this option is not specified, the rule is an ingress rule (applies to traffic entering the group).

 No
-P, --protocol protocol | protocol_number IP protocol name or number.

Valid values: tcp | udp | icmp -1/all

Note: You can specify arbitrary IANA-assigned protocol numbers as well as the special values "all" and "-1", which refer to all network traffic, in VPC security groups. As a convenience, if a protocol is specified by name euca-authorize and euca-revoke will consult /etc/protocols to discover its number.
No
-p port_range Specifies the range of ports to allow for TCP and UDP. Not valid for ICMP.

Valid values: Single integer or range (min-max). Use -1 to specify all ports.

 Conditional
-t, --icmp-type-code ICMP type and code specified as "type:code". Only works if you specify ICMP as the protocol. Conditional
-o, --source-group source_group (Non-VPC only) Group from which traffic is authorized by the rule. Every instance in the security group is allowed to pass traffic. No
-u, --source-group-user source_group_user ID of the security group user you name in the -o parameter No
-s, --source-subnet source_subnet Addresses to apply the rule to

Default: 0.0.0.0/0

 No

Common Options

Option Description
--show-empty-fields Show empty fields as "(nil)".
--region user@region Region and/or user name to search when looking up config file data. Only valid for EC2 endpoints.
-U,--url url URL of the cloud service to connect to. For administrative commands, this should be <ip_address>:8773/services/Empyrean.
-I,--access-key-id key_id User's access key ID.
-S,--secret-key secret_key User's secret key.
--security-token token User's security token.
--debug Prints what the command sends to the server and what it receives from the server. Use when you're trying to debug Euca2ools.
--debugger Enable interactive debugger on error.
-h,--help Display the manual page for the command.
--version Display the version of this tool.

Output

Example

euca-revoke default -P tcp -p 80 -s 0.0.0.0/0 
GROUP   default
PERMISSION  default ALLOWS  tcp 80  80  FROM    CIDR    0.0.0.0/0
euca-revoke -P tcp -p 6697-7000 -s 1.2.3.0/24 mygroup
GROUP   mygroup
PERMISSION  mygroup ALLOWS tcp 6697 7000 FROM CIDR 1.2.3.0/24
euca-revoke -P icmp -t 0:0 -o othergroup -u 1234567890 mygroup
GROUP   mygroup
PERMISSION  mygroup ALLOWS  icmp    USER    1234567890      GRPNAME othergroup      FROM    CIDR    0.0.0.0/0
Related reference
euca-allocate-address
euca-associate-address
euca-attach-volume
euca-authorize
euca-bundle-image
euca-bundle-instance
euca-bundle-and-upload-image
euca-bundle-vol
euca-cancel-bundle-task
euca-cancel-conversion-task
euca-create-group
euca-create-image
euca-create-keypair
euca-create-snapshot
euca-create-tags
euca-create-volume
euca-delete-bundle
euca-delete-disk-image
euca-delete-group
euca-delete-keypair
euca-delete-snapshot
euca-delete-tags
euca-delete-volume
euca-deregister
euca-describe-addresses
euca-describe-availability-zones
euca-describe-bundle-tasks
euca-describe-conversion-tasks
euca-describe-group
euca-describe-image-attribute
euca-describe-images
euca-describe-instance-status
euca-describe-instance-types
euca-describe-instances
euca-describe-keypairs
euca-describe-regions
euca-describe-snapshots
euca-describe-tags
euca-describe-volumes
euca-detach-volume
euca-disassociate-address
euca-download-bundle
euca-download-and-unbundle
euca-fingerprint-key
euca-get-console-output
euca-get-password
euca-get-password-data
euca-import-keypair
euca-import-instance
euca-install-image
euca-modify-image-attribute
euca-modify-instance-attribute
euca-modify-instance-type
euca-monitor-instances
euca-reboot-instances
euca-register
euca-release-address
euca-reset-image-attribute
euca-resume-import
euca-run-instances
euca-start-instances
euca-stop-instances
euca-terminate-instances
euca-unbundle
euca-unbundle-stream
euca-unmonitor-instances
euca-upload-bundle
euca-version
Parent topic: EC2-Compatible Commands
Copyright: © 2018 Eucalyptus Cloud
x