ECLAT-SG(1)                  Eclat User Reference                  ECLAT-SG(1)

NAME
       eclat-sg - manipulate security groups

SYNOPSIS
       eclat sg [--input|--ingress|-I|--output|--egress|-O]
       -A|-D|--add|--delete [-Nn] [-G NAME] [-P PORT[-PORT]] [-g ID]
       [-p PROTO] [-s CIDR] [-u USER] [--group-id=ID] [--group-name=NAME]
       [--name] [--next, --new] [--port=PORT[-PORT]] [--protocol=PROTO]
       [--source=CIDR] [--user=USER] GROUP

       eclat sg --list|-L [-n] [--name] [GROUP]

       eclat sg -h

       eclat sg --help

       eclat sg --usage

DESCRIPTION
       The eclat sg command is used to list and configure EC2 security groups.
       When invoked with the --list (-L) argument, it displays information
       about the given group, or all groups in the account, if the GROUP
       argument is not provided.  The argument is either the group ID or the
       group name.  In the latter case, the --name (-n) option should be given.

       When used with the --add (-A) option, the command adds rules to the
       security group.  The rules to add are described by the command line
       options that follow.  For example:

       eclat sg --add --proto tcp --port 22 --source 192.0.2.0/24 sg-01234567

       This command adds to the security group sg-01234567 a rule allowing
       access to port 22 from IP addresses in the range 192.0.2.0 - 192.0.2.255.

       If --proto icmp is used, the --port option can be omitted.

       Several rules can be added in one invocation.  The --next (--new)
       option is used to separate them.  E.g.:

       eclat sg --add --proto tcp --port 22 --source 192.0.2.0/24 --next \
       --proto icmp --source 192.0.2.0/24 sg-01234567

       The --delete (-D) option deletes existing rules, which are defined
       using the same syntax as described above.

       By default, both --add and --delete operate on ingress rules.  This can
       be changed by placing the --output (-O) option before them.  The
       --output option remains in effect for all options that follow it.  The
       --input option cancels its effect.

       The --list (-L) option instructs the program to list rules in the named
       security group.  If no group is specified, all existing groups will be
       listed.

OPTIONS
   Modifiers
       --input, --ingress, -I
              Operate on the ingress rules.

       --output, --egress, -O
              Operate on the egress rules.

       These modifiers apply to all --add and --delete options that follow
       them, until another modifier or end of line is encountered.

       By default, --input is assumed.

       The --output modifier is valid only for EC2-VPC.

   Commands
       These options define the operation to be performed over the security
       group.  A valid invocation of the sg subcommand must contain exactly
       one of these:

       -A,--add
	      Add rules.

       -D,--delete
	      Delete rules.

       -L,--list
	      List rules.

   Rule constituents
       The options below are used to define the rules.  Unless --list is
       requested, at least one rule must be defined.

       A rule defines a set of IPv4 addresses and a port range that these are
       allowed to access.  The IP addresses can be specified either in
       dotted-quad notation or as host names and can optionally be followed by
       a / and the network mask length or the network mask.  For example:
       192.0.2.0/24 or 192.0.2.0/255.255.255.0.  A missing netmask part
       implies the network mask length of 32.

       Another way of defining IP addresses is by supplying the name or ID of
       another EC2 security group.

       -G, --group-name=NAME
              Sets source group name.

       -P, --port=PORT[-PORT]
              Destination port number or range.  Each PORT can be either a
              port number in decimal or a service name from services(5).

       -g, --group-id=ID
              Sets source group ID.

       -p, --protocol=PROTO
              Protocol name or number.

       -s, --source=CIDR
              Source CIDR.  The argument is an IPv4 address or host name,
              optionally followed by a / and the network mask length in
              decimal or the network mask in dotted-quad notation.

       -u, --user=USER
              User name for the subsequent --group-name or --group-id option.
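
       The source notation and the --next separator described above, combined
       in a pre-flight wrapper.  This is an added example, not part of eclat
       or of the original manual; the function names, the PROTO:PORT:SOURCE
       rule format and the MIN_PREFIX threshold are assumptions made for the
       illustration.

```shell
#!/bin/sh
# Added example (not part of eclat): pre-flight check for `eclat sg --add` rules.
MIN_PREFIX=${MIN_PREFIX:-8}   # assumed local policy: refuse sources broader than /8

# mask_to_len MASK: dotted-quad netmask -> prefix length; fails if not contiguous.
mask_to_len() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    len=0 seen_short=0
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            255) bits=8 ;; 254) bits=7 ;; 252) bits=6 ;; 248) bits=5 ;;
            240) bits=4 ;; 224) bits=3 ;; 192) bits=2 ;; 128) bits=1 ;;
            0) bits=0 ;; *) return 1 ;;
        esac
        # Once an octet is not 255, every later octet must be 0.
        if [ "$seen_short" -eq 1 ] && [ "$bits" -ne 0 ]; then return 1; fi
        if [ "$bits" -lt 8 ]; then seen_short=1; fi
        len=$((len + bits))
    done
    echo "$len"
}

# normalize_source SRC: print ADDR/LEN; a missing netmask means /32 (per the manual).
normalize_source() {
    case $1 in
        */*) addr=${1%%/*}; mask=${1#*/} ;;
        *)   addr=$1; mask=32 ;;
    esac
    case $mask in
        *.*) mask=$(mask_to_len "$mask") || return 1 ;;
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$mask" -le 32 ] || return 1
    echo "$addr/$mask"
}

# build_add_cmd GROUP RULE...: RULE is PROTO:PORT:SOURCE (PORT empty only for icmp).
build_add_cmd() {
    group=$1; shift; cmd="eclat sg --add"; sep=""
    for rule in "$@"; do
        proto=${rule%%:*}; rest=${rule#*:}; port=${rest%%:*}; src=${rest#*:}
        cidr=$(normalize_source "$src") || { echo "bad source: $src" >&2; return 1; }
        [ "${cidr#*/}" -ge "$MIN_PREFIX" ] || { echo "too broad: $cidr" >&2; return 1; }
        if [ -z "$port" ] && [ "$proto" != icmp ]; then return 1; fi
        cmd="$cmd$sep --protocol $proto${port:+ --port $port} --source $cidr"
        sep=" --next"
    done
    echo "$cmd $group"
}
```

       build_add_cmd only prints the resulting command line so that it can be
       reviewed before it is run.  The address part of a source is passed
       through unchanged, since eclat also accepts host names there.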

   Other options
       -n,--name
              The GROUP argument is a group name.  Without this option it is
              treated as the group ID.

       -N,--next,--new
	      Begins next rule.

   Informational options
       -h,--help
              Give a terse help summary.

       --usage
              List command line syntax and available options.

SEE ALSO
       eclat(1), eclat-lssg(1), eclat-mksg(1), eclat-rmsg(1).

AUTHORS
       Sergey Poznyakoff

BUG REPORTS
       Report bugs to <bug-eclat@gnu.org.ua>.

COPYRIGHT
       Copyright (C) 2012-2015 Sergey Poznyakoff
       License GPLv3+: GNU GPL version 3 or later
       <http://gnu.org/licenses/gpl.html>
       This is free software: you are free to change and redistribute it.
       There is NO WARRANTY, to the extent permitted by law.

ECLAT                        November 19, 2015                     ECLAT-SG(1)
