Importing and Exporting Security Group Rules

Scenarios

• If you want to back up security group rules locally, you can export the rules to an Excel file.
• If you want to quickly create or restore security group rules, you can import your security group rule file to the security group.
• If you want to quickly apply the rules of one security group to another, you can export and import existing rules.
• If you want to modify multiple rules of the current security group at a time, you can export and import existing rules.

Notes and Constraints

• The security group rules to be imported must be configured based on the template. Do not add parameters or change existing parameters. Otherwise, the import will fail.
• If a security group rule to be imported is the same as an existing one, the security group rule cannot be imported. You can delete the rule and try again.

Procedure

1. Log in to the management console.
2. Click in the upper left corner and choose Network > Virtual Private Cloud.

   The Virtual Private Cloud page is displayed.

3. In the navigation pane on the left, choose Access Control > Security Groups.

   The security group list is displayed.

4. On the security group list, click the name of the target security group.

   The security group details page is displayed.

5. Export and import security group rules.
   • Click Export Rule to export all rules of the current security group to an Excel file.
   • Click Import Rule to import security group rules from an Excel file into the current security group.

     Table 1 describes the parameters in the template for importing rules.

     Table 1 Template parameters

     Parameter	Description	Example Value
     Direction	The direction in which the security group rule takes effect. Inbound: Inbound rules control incoming traffic to instances in the security group. Outbound: Outbound rules control outgoing traffic from instances in the security group.	Inbound
     Priority	The priority value ranges from 1 to 100. The default value is 1 and has the highest priority. The security group rule with a smaller value has a higher priority.	1
     Action	The value can be Allow or Deny. If the Action is set to Allow, traffic is allowed to access the cloud servers in the security group over specified ports. If the Action is set to Deny, traffic is denied to access the cloud servers in the security group over specified ports.	Allow
     Protocol & Port	The network protocol used to match traffic in a security group rule. The protocol can be All, TCP, UDP, GRE, or ICMP.	TCP
     	Destination port used to match traffic in a security group rule. The value can be from 1 to 65535. Inbound rules control incoming traffic over specific ports to instances in the security group. Outbound rules control outgoing traffic over specific ports from instances in the security group.	22, 22-30
     Type	Source IP address version. You can select: IPv4 IPv6	IPv4
     Source	Source of the security group rule. The value can be an IP address, a security group, or an IP address group, to allow access from the IP addresses or the instances in the security group. IP address Single IP address: 192.168.10.10/32 (IPv4); 2002:50::44/128 (IPv6) All IP addresses: 0.0.0.0/0 (IPv4); ::/0 (IPv6) IP address range: 192.168.1.0/24 (IPv4); 2407:c080:802:469::/64 (IPv6) IP address group: ipGroup-A	sg-test[96a8a93f-XXX-d7872990c314]
     Destination	Destination of the security group rule. The value can be an IP address, a security group, or an IP address group, to allow access to the IP address or the instances in the security group.	sg-test[96a8a93f-XXX-d7872990c314]
     Description	Supplementary information about the security group rule. This parameter is optional. The security group rule description can contain a maximum of 255 characters and cannot contain angle brackets (< or >).	-
     Last Modified	The time when the security group was modified.	-