Rules of safety group
Operation Guide
- Instance
- Instance overview
- Instance life cycle
- Create Instance
- Check instance information
- Login Instance
- Start instances
- Disable instance
- Restart instance
- Reset Password
- Rebuild
- Resize
- Modify instance name
- Search Instance
- Import Instance Information
- Instance downtime without billing
- Instance of restart expiration/ arrearage
- Change the package to yearly or monthly according to configuration
- Delete instance
- GPU Instance
- vGPU instance
- Emergency performance instance
- Bare metal instance
- Metadata instance
- Instance FAQ
- Instance Template
- Image
- Instance voucher
- Storage
- Networking
- Network Overview
- Bind Elastic Network Interface
- Unbind Elastic Network Interface
- Assign auxiliary intranet IP
- Release auxiliary intranet IP
- Associate the EIP
- Disassociate the EIP
- Configure network card multi-queue
- Configure elastic network card deletion features
- Modify private network configuration
- Network FAQ
- Key Pair
- Security Group
- Overview of safety group
- Rules of safety group
- Typical configuration of safety group rules
- Customer Scenario
- Create Security Group
- Bind cloud host through safety group
- Unbind cloud host through safety group
- Configure safety group inbound rules
- Configure safety group outbound rules
- Delete Security Group
- Security Group FAQ
- Tag
- Monitoring
- Event
- Automatic Task Policy
Linux operation and maintenance guide
- Linux environment configuration
- FTP service installation and configuration
- Changing software installation source of ubuntu system
- Install vncserver to Centos
- Install graphical interfaces to Centos7
- Intranet NTP service
- Kernel operation shall not be upgraded when Linux system is upgraded
- Configure SNAT to Linux system
- Way to modify host name in Linux system
- Modify file directory permission in Linux system
- Make procedures execute background through nohup in Linux system
- SSH creation and login
- Change port of SSH service
- Modify the largest linking number of self-built mysql database
- Set ssh password-free login among cloud hosts
- Configure graphical interfaces and vnc to Ubuntu
- Linux System Configuration yum and ntp
Linux faults
- How to solve the problem that the cloud host cannot obtain Intranet IP address after being created by using centos private mirror image
- Linux message log error kernel TCP time wait bucket table overflowt
- Linux System Time synchronization server query timeout
- When UseDNS is enabled on SSH, the connection speed slows down
- SSH startup error reported/var/empty/sshd must be owned by root and not group or world-writable
- The following error occurs when SSH logs in Maximum amount of failed attempts was reached
- The following error occurs when SSH logs in ssh_exchange_identification read Connection reset by peer
- The following error occurs when SSH service starts up main process exited, code=exited
- Two reasons for slow login of Linux ssh
- The return time of calling Tencent API is too long
- CentOS fails to log in when user name is correctly entered
- How to check the time when the server was restarted last time
- When deleting documents in Linux, it prompts Operation not permitted
- Linux system cpu, memory overload checking
- Problems about Linux system’s creating cloud disk through snapshots
- Abnormality in total time of ping test in Linux system
- Linux system prompts -bash ls command not found
- When check log through tail in Linux system, it prompts insufficient space
- SSH fails to log in when enters root password for many times, and following errors are prompted Too many authentication failures for root
- SSH fails remote login for troubleshooting
- Timeout setting for SSH connection disconnection
- SSH login error Host key verification failed
- When logging in, SSH prompts login Module is unknown
- When logging in, SSH prompts No supported key exchange algorithms
- When logging in, SSH prompts fatal mm_request_send write Broken pipe
- When logging in, SSH prompts must be owned by root and not group or word-writable
- When logging in, SSH prompts Permission denied, please try again
- When logging in, SSH prompts User root not allowed because not listed in
- When being connected, SSH shows following error error Could not get shadow information for root
- When being connected, SSH shows following error pam_unix(sshdsession) session closed for user
- The following error occurs when SSH logs in Disconnected No supported authentication methods available
- When logging in, SSH shows following error pam_listfile(sshd auth) Refused user root for service sshd
- When logging in, SSH shows following error requirement "uid >= 1000" not met by user "root"
- When starting up, SSH shows following error fatal Cannot bind any address
- How to recover automatically after Ubuntu modifies DNS and restarts
Windows Operation and Maintenance
- Windows environment configuration
- Windows2008 iis service configuration https
- Windows 2012 Modify desktop background
- Windows 2012 Delete server role or functions
- Windows The way to adjust and activate cloud host is KMS
- Windows Reset winsock configuration
- Windows system Play audio file in local computer
- Windows the method to view and modify the remote desktop
- Windows system Set no sleep
- Windows2012 system Close ECN function
- Set compatible mode in 360 and ie explorers
- Windows system How to cancel combination key upon login
- IIS7.5 Start 500 true errors
- IIS7.5 Set log time and local time synchronization
- Windows2008 Disk partitioning and formatting
- Windows Tracker of cloud host disabling
- Windows Firewall allows ping to be disabled
- Windows Firewall allows port access to be blocked
- Windows IIS website sets IP address restriction
- Windows Update setting
- Windows Disable Internet Explorer to enhance security
- Windows Cloud host self-built SqlServer memory limit method
- Windows Way to modify DNS
- Windows Way to modify disk drive
- Windows Way to register and restore backups
- Windows How to configure port forwarding on the server
- Windows system SQL mirror image login method
- Windows system Start PDO through php
- Windows system Start fsockOpen function through php
- Windows system Restart remote desktop service
- Windows uploading file through desk
- Windows 2008 Install and configure ftp service
- Windows 2008 Limit system cache upper limit
- Windows 2008 Enable kernel dump configuration
- Windows 2008 Set virtual memory
- Windows2012&2016 Disk partitioning and formatting
- Windows2012 Install and configure ftp service
- Windows2012 Modify SID
- Windows2012 Set remote desktop to be on continuously
- Windows2012 system Way to install NETFramework3.5
- Windows Automatic startup
- Windows System
- Windows Faults
- Windows Way to solve abnormal occupation of 80 port
- Windows Excessive Time_Wait causes Internet access failure
- What to do when cloud host restarts automatically at dawn
- Windows2008 When updating patches, it prompts “8000FFFFwindows update an unknown error occurs”
- Windows2012 It prompts that source file cannot be found when installing. NET Framework 3.5.1
- Windows Fail to refresh server manager
- Windows Remote login message prompts that you do not have login permission
- Windows Remote prompts authentication error, and requested function is not supported
- Windows system TrustedInstaller.exe occupies a high memory usage
- Processing Method for High Memory Resources Caused by the Reason that cpu is Occupied by the svchost.exe Process of the Windows
- Way to solve error code 451 when it is prompted by FTP
- Mac system cannot connect to Windows2012
- Windows Cause of paused task manager data
- What to do when server is attacked by hackers
- Windows Remote connection prompts no authorization license
- Windows Remote prompt shows that credentials do not work
- High cpu Memory Consumption by Automatic Windows Update
- Windows Way to solve high bandwidth usage
- Windows File properties do not have security tabs
- Windows When installing and operating apps, it prompts the loss of msvcr100.dll
- Windows system Cloud hard disk status external or offline
- Windows system High CPU usage
- Windows system Memory usage analysis
- Lots of cpu resources occupied by the tasking.exe Process of the Windows
- Windows update prompts an error of 80070008 or 8007000e
- Windows 2008 After refreshing server manager, it prompts 0x80070422 error
- Windows2008 Way to solve the problem that computer management can not find disk management
- Windows2012 ie explorer cannot be opened
- Windows2016 Error is prompted when install net3.5
Api reference
- API Overview
- Update History
- API Information
- Virtual Machines
- createInstances
- deleteInstance
- rebootInstance
- rebuildInstance
- resizeInstance
- startInstance
- stopInstance
- describeInstances
- describeInstance
- describeInstanceStatus
- describeInstanceVncUrl
- attachDisk
- detachDisk
- attachNetworkInterface
- detachNetworkInterface
- associateElasticIp
- disassociateElasticIp
- modifyInstanceAttribute
- modifyInstanceDiskAttribute
- modifyInstanceNetworkAttribute
- modifyInstancePassword
- Image
- SSH Key Pair
- Instance Template
- Specification Type
- Quota
- Virtual Machines
- Use Help
- Security
- Security Service
- Baseline Check ServicePenetration Test ServiceIncident Response ServiceVulnerability Scan ServiceCybersecurity Classified Protection Consulting ServiceImportant Cybersecurity Guarantees ServiceInformation Security TrainingSecurity Notification ServiceSecurity Attack and Defense Drill Service
Products
NeuHub
Intelligent Design
Cloud Essentials
Enterprise Applications
Video Service
Developer Services
Management
Monitoring and Operation
云资源管理
不展示在产品目录下
For express and not display
Security
Security Service
Security Management
Data Security
Network Security
System Security
Applications Security
终端安全
Big Data
Big Data & Analytics
数据库
关系型数据库
分布式数据库
网络与 CDN
混合云网络
容器与中间件
Virtual Machines
- Product news
- Introduction
- Product Pricing
- Linux start guide
- Getting Started of Windows
- Operation Guide
- Instance
- Instance overview
- Instance life cycle
- Create Instance
- Check instance information
- Login Instance
- Start instances
- Disable instance
- Restart instance
- Reset Password
- Rebuild
- Resize
- Modify instance name
- Search Instance
- Import Instance Information
- Instance downtime without billing
- Instance of restart expiration/ arrearage
- Change the package to yearly or monthly according to configuration
- Delete instance
- GPU Instance
- vGPU instance
- Emergency performance instance
- Bare metal instance
- Metadata instance
- Instance FAQ
- Instance Template
- Image
- Instance voucher
- Storage
- Networking
- Network Overview
- Bind Elastic Network Interface
- Unbind Elastic Network Interface
- Assign auxiliary intranet IP
- Release auxiliary intranet IP
- Associate the EIP
- Disassociate the EIP
- Configure network card multi-queue
- Configure elastic network card deletion features
- Modify private network configuration
- Network FAQ
- Key Pair
- Security Group
- Overview of safety group
- Rules of safety group
- Typical configuration of safety group rules
- Customer Scenario
- Create Security Group
- Bind cloud host through safety group
- Unbind cloud host through safety group
- Configure safety group inbound rules
- Configure safety group outbound rules
- Delete Security Group
- Security Group FAQ
- Tag
- Monitoring
- Event
- Automatic Task Policy
- Instance
- Performance Test
- Best practices
- Linux operation and maintenance guide
- Linux environment configuration
- FTP service installation and configuration
- Changing software installation source of ubuntu system
- Install vncserver to Centos
- Install graphical interfaces to Centos7
- Intranet NTP service
- Kernel operation shall not be upgraded when Linux system is upgraded
- Configure SNAT to Linux system
- Way to modify host name in Linux system
- Modify file directory permission in Linux system
- Make procedures execute background through nohup in Linux system
- SSH creation and login
- Change port of SSH service
- Modify the largest linking number of self-built mysql database
- Set ssh password-free login among cloud hosts
- Configure graphical interfaces and vnc to Ubuntu
- Linux System Configuration yum and ntp
- Linux environment configuration
- Linux automatic startup
- Linux faults
- How to solve the problem that the cloud host cannot obtain Intranet IP address after being created by using centos private mirror image
- Linux message log error kernel TCP time wait bucket table overflowt
- Linux System Time synchronization server query timeout
- When UseDNS is enabled on SSH, the connection speed slows down
- SSH startup error reported/var/empty/sshd must be owned by root and not group or world-writable
- The following error occurs when SSH logs in Maximum amount of failed attempts was reached
- The following error occurs when SSH logs in ssh_exchange_identification read Connection reset by peer
- The following error occurs when SSH service starts up main process exited, code=exited
- Two reasons for slow login of Linux ssh
- The return time of calling Tencent API is too long
- CentOS fails to log in when user name is correctly entered
- How to check the time when the server was restarted last time
- When deleting documents in Linux, it prompts Operation not permitted
- Linux system cpu, memory overload checking
- Problems about Linux system’s creating cloud disk through snapshots
- Abnormality in total time of ping test in Linux system
- Linux system prompts -bash ls command not found
- When check log through tail in Linux system, it prompts insufficient space
- SSH fails to log in when enters root password for many times, and following errors are prompted Too many authentication failures for root
- SSH fails remote login for troubleshooting
- Timeout setting for SSH connection disconnection
- SSH login error Host key verification failed
- When logging in, SSH prompts login Module is unknown
- When logging in, SSH prompts No supported key exchange algorithms
- When logging in, SSH prompts fatal mm_request_send write Broken pipe
- When logging in, SSH prompts must be owned by root and not group or word-writable
- When logging in, SSH prompts Permission denied, please try again
- When logging in, SSH prompts User root not allowed because not listed in
- When being connected, SSH shows following error error Could not get shadow information for root
- When being connected, SSH shows following error pam_unix(sshdsession) session closed for user
- The following error occurs when SSH logs in Disconnected No supported authentication methods available
- When logging in, SSH shows following error pam_listfile(sshd auth) Refused user root for service sshd
- When logging in, SSH shows following error requirement "uid >= 1000" not met by user "root"
- When starting up, SSH shows following error fatal Cannot bind any address
- How to recover automatically after Ubuntu modifies DNS and restarts
- Windows Operation and Maintenance
- Windows environment configuration
- Windows2008 iis service configuration https
- Windows 2012 Modify desktop background
- Windows 2012 Delete server role or functions
- Windows The way to adjust and activate cloud host is KMS
- Windows Reset winsock configuration
- Windows system Play audio file in local computer
- Windows the method to view and modify the remote desktop
- Windows system Set no sleep
- Windows2012 system Close ECN function
- Set compatible mode in 360 and ie explorers
- Windows system How to cancel combination key upon login
- IIS7.5 Start 500 true errors
- IIS7.5 Set log time and local time synchronization
- Windows2008 Disk partitioning and formatting
- Windows Tracker of cloud host disabling
- Windows Firewall allows ping to be disabled
- Windows Firewall allows port access to be blocked
- Windows IIS website sets IP address restriction
- Windows Update setting
- Windows Disable Internet Explorer to enhance security
- Windows Cloud host self-built SqlServer memory limit method
- Windows Way to modify DNS
- Windows Way to modify disk drive
- Windows Way to register and restore backups
- Windows How to configure port forwarding on the server
- Windows system SQL mirror image login method
- Windows system Start PDO through php
- Windows system Start fsockOpen function through php
- Windows system Restart remote desktop service
- Windows uploading file through desk
- Windows 2008 Install and configure ftp service
- Windows 2008 Limit system cache upper limit
- Windows 2008 Enable kernel dump configuration
- Windows 2008 Set virtual memory
- Windows2012&2016 Disk partitioning and formatting
- Windows2012 Install and configure ftp service
- Windows2012 Modify SID
- Windows2012 Set remote desktop to be on continuously
- Windows2012 system Way to install NETFramework3.5
- Windows Automatic startup
- Windows System
- Windows Faults
- Windows Way to solve abnormal occupation of 80 port
- Windows Excessive Time_Wait causes Internet access failure
- What to do when cloud host restarts automatically at dawn
- Windows2008 When updating patches, it prompts “8000FFFFwindows update an unknown error occurs”
- Windows2012 It prompts that source file cannot be found when installing. NET Framework 3.5.1
- Windows Fail to refresh server manager
- Windows Remote login message prompts that you do not have login permission
- Windows Remote prompts authentication error, and requested function is not supported
- Windows system TrustedInstaller.exe occupies a high memory usage
- Processing Method for High Memory Resources Caused by the Reason that cpu is Occupied by the svchost.exe Process of the Windows
- Way to solve error code 451 when it is prompted by FTP
- Mac system cannot connect to Windows2012
- Windows Cause of paused task manager data
- What to do when server is attacked by hackers
- Windows Remote connection prompts no authorization license
- Windows Remote prompt shows that credentials do not work
- High cpu Memory Consumption by Automatic Windows Update
- Windows Way to solve high bandwidth usage
- Windows File properties do not have security tabs
- Windows When installing and operating apps, it prompts the loss of msvcr100.dll
- Windows system Cloud hard disk status external or offline
- Windows system High CPU usage
- Windows system Memory usage analysis
- Lots of cpu resources occupied by the tasking.exe Process of the Windows
- Windows update prompts an error of 80070008 or 8007000e
- Windows 2008 After refreshing server manager, it prompts 0x80070422 error
- Windows2008 Way to solve the problem that computer management can not find disk management
- Windows2012 ie explorer cannot be opened
- Windows2016 Error is prompted when install net3.5
- Windows environment configuration
- Api reference
- API Overview
- Update History
- API Information
- Virtual Machines
- createInstances
- deleteInstance
- rebootInstance
- rebuildInstance
- resizeInstance
- startInstance
- stopInstance
- describeInstances
- describeInstance
- describeInstanceStatus
- describeInstanceVncUrl
- attachDisk
- detachDisk
- attachNetworkInterface
- detachNetworkInterface
- associateElasticIp
- disassociateElasticIp
- modifyInstanceAttribute
- modifyInstanceDiskAttribute
- modifyInstanceNetworkAttribute
- modifyInstancePassword
- Image
- SSH Key Pair
- Instance Template
- Specification Type
- Quota
- Virtual Machines
- Use Help
2022-02-25 14:40:34
Security group rules
Security group rules control the inbound traffic allowed to reach the instance associated with the security group and the outbound traffic allowed to leave the instance.
Security group rule content
-
Type: Common application types, such as SSH, PING or HTTP, etc., with the option of customizing TCP or UDP.
-
Protocol: Select by application type to display the type of protocol to which it belongs.
-
Target Port:
- If inbound rules are configured, the target port refers to the instance port within the security group; if outbound rules are configured, the target port refers to the remote port.
- The port value is 1-65535 and can be filled with a single port such as "22" or a range of ports such as "20-22".
- If you select Common Application in the rule type, the target port will be directly displayed as the corresponding default port without setting; if you select Custom TCP/Custom UDP, you can customize the port range.
-
Source/Destination IP: IP address or address segment allowed to access/be accessed (CIDR), IPv4 address, e.g. fill in 0.0.0.0/0 means all IP addresses are allowed to access; Ipv6 address, e.g. fill in ::/0 means all IP addresses are allowed to access.
-
Policy: Allow (default and no modification allowed).
-
Notes: Marking rule usage, up to 256 characters can be entered.
Security Group Rule Restrictions
- User-created security groups have the following rules by default
- Entry direction: Deny all traffic
- Outward direction: Open TCP port 80 and UDP ports 67, 68 and 161 due to internal service needs, all other traffic is denied
- The security group rule policy is always "Allow"; you cannot create a rule to "Deny" access.
- Security groups are stateful: If you configure an outbound rule to allow an instance to send a request to the outside, the response traffic for that request will be allowed to flow regardless of the inbound security group rule, and vice versa.
- You can add and remove rules at any time. The new security group policy is automatically applied to the instance associated with the security group.
Common ports
| Port | Service | Description |
|---|---|---|
| 21 | FTP | Port opened by FTP service for uploading and downloading files. |
| 22 | SSH | SSH port for connecting to Linux instances via command line mode or remote connection software (e.g. PuTTY, Xshell, SecureCRT, etc.). For details, see Using username password authenticationConnecting to Linux instances. |
| 23 | Telnet | Telnet port for Telnet instances |
| 25 | SMTP | Port opened by SMTP service for sending emails. Currently to open the port you need to submit a work order request. |
| 80 | HTTP | is used for web services such as IIS, Apache, Nginx, etc. to provide external access. |
| 110 | POP3 | Port open for POP3 (Mail Protocol 3) service. |
| 137, 138, 139 | NETBIOS protocol | where 137, 138 are UDP ports, which are used when transferring files through network neighbors. A connection coming in through port 139 is attempting to obtain NetBIOS/SMB service. This protocol is used for Windows file and printer sharing and SAMBA. |
| 143 | IMAP | is used for the IMAP (Internet Message Access Protocol) protocol, which is also the protocol for receiving e-mail. |
| 443 | HTTPS | is used for HTTPS services to provide access to the function. HTTPS is a protocol that provides encryption and transmission over secure ports. |
| 1433 | SQL Server | SQL Server The TCP port of SQL Server, used for SQL Server to provide services to the outside world. |
| 1434 | SQL Server | SQL Server The UDP port of SQL Server, used to return to the requester which TCP/IP port SQL Server is using. |
| 3306 | MySQL | The default port for MySQL databases, used by MySQL to provide services to the outside world. |
| 3389 | Windows Server Remote Desktop Services | Windows Server Remote Desktop Services (Remote Desktop Services) port, through which you can use software to connect to a Windows instance. For details, see Connecting to Windows instances. |
| proxy port | port 8080 | port 8080 is the same as port 80, which is used for WWW proxy services to enable web browsing. Often when accessing a website or using a proxy server, you need to add the ":8080" port number after the IP address. In addition, after installing the Apache Tomcat web server service, the default service port is 8080. |
Security Group Priority
Security groups have no priority, when an instance is associated with multiple security group associations, the rules of each security group will be aggregated to take effect, and access will be allowed or not according to the aggregated rules.
Related References
温馨提示
开始与售前顾问沟通
可直接拨打电话 400-098-8505转1
我们的产品专家为您找到最合适的产品/解决⽅案
在线咨询 5*8⼩时
点击咨询1v1线上咨询获取售前专业咨询
企微服务助手
专业产品顾问,随时随地沟通
提交反馈
您对本页面的整体评价?
非常不满意
非常满意
