.. _secgroups_create_card:

Security groups: create
=========================

Security groups are a set of IP filter rules that are applied to an instance. 
These rules specify which type of traffic is allowed to reach the instance 
(see section :ref:`cloud/os_overview/os_components/network:security groups` for more information). 

- Go to the :ref:`cloud/os_overview/management_tools/dashboard:horizon dashboard`
- Go to *"Network → Security Groups"* and click on *"create security group"*
- Give a name to the security group and click on *"create security group"*
- The security group is created **by default with NO ingress rules**

.. image:: /cloud/_img/op_network_secgroups_img1.png

- Select *"Add rule"* to specify the ingress rules.
- A list of pre-defined rules is available for you to choose from (but you can create your own rule if you prefer). Common default rules are: 

  - SSH (port 22)
  - ICMP (allow to "ping" a server)
  - HTTP (port 80)
  - HTTPS (port 443)

.. image:: /cloud/_img/op_network_secgroups_img2.png

- In the CIDR field, you can limit the range of IPs which are allowed to the rule. 

**NOTE**: 0.0.0.0/0 means all internet