In the following example, an instance named WEB1 will be created that acts as a web server running Apache on ports 80 and 443. To demonstrate how security group rules are implemented on a compute node, take note of the following WEB_SERVERS security group created with the Neutron security-group-create command:

Figure 6.3

The following screenshot shows two security group rules being added to the WEB_SERVERS security group using the security-group-rule-create command. The rules allow inbound connections on ports 80 and 443 from any remote host:

Figure 6.4

Using the Neutron port-update command, the WEB_SERVERS security group can be applied to the Neutron port of the WEB1 instance, as shown in the following screenshot:

Figure 6.5

Once a security group is applied to the corresponding Neutron port of an instance, a series of iptables rules and chains are implemented on the compute node hosting the instance.