-rw-r--r-- | TODO | 4 | ||||
-rw-r--r-- | doc/Makefile.inc | 1 | ||||
-rw-r--r-- | doc/eclat-lssg.1 | 5 | ||||
-rw-r--r-- | doc/eclat-sg.1 | 154 | ||||
-rw-r--r-- | src/sg-cl.opt | 10 |
5 files changed, 165 insertions, 9 deletions
@@ -18,7 +18,7 @@ AttachNetworkInterface - [ ] [ ]
 AttachVolume atvol [X] [X]
 AttachVpnGateway - [ ] [ ]
 AuthorizeSecurityGroupEgress - [ ] [ ]
-AuthorizeSecurityGroupIngress sg [X] [ ]
+AuthorizeSecurityGroupIngress sg [X] [X]
 BundleInstance - [ ] [ ]
 CancelBundleTask - [ ] [ ]
 CancelConversionTask - [ ] [ ]
@@ -144,7 +144,7 @@ ResetInstanceAttribute - [ ] [ ]
 ResetNetworkInterfaceAttribute - [ ] [ ]
 ResetSnapshotAttribute clrsattr [X] [X]
 RevokeSecurityGroupEgress - [ ] [ ]
-RevokeSecurityGroupIngress sg [X] [ ]
+RevokeSecurityGroupIngress sg [X] [X]
 RunInstances mkinst [X] [X]
 StartInstances start [X] [X]
 StopInstances stop [X] [X]
diff --git a/doc/Makefile.inc b/doc/Makefile.inc
index 0e619cd..4c10f82 100644
--- a/doc/Makefile.inc
+++ b/doc/Makefile.inc
@@ -50,6 +50,7 @@ MANPAGES1=\
 eclat-disasaddr.1\
 eclat-setiattr.1\
 eclat-setsattr.1\
+ eclat-sg.1\
 eclat-conmesg.1\
 eclat-start.1\
 eclat-stop.1\
diff --git a/doc/eclat-lssg.1 b/doc/eclat-lssg.1
index 1f1cfb1..69c31c9 100644
--- a/doc/eclat-lssg.1
+++ b/doc/eclat-lssg.1
@@ -13,7 +13,7 @@
 .\"
 .\" You should have received a copy of the GNU General Public License
 .\" along with Eclat. If not, see <http://www.gnu.org/licenses/>.
-.TH LSSEC 1 "April 20, 2013" "ECLAT" "Eclat User Reference"
+.TH LSSEC 1 "December 16, 2013" "ECLAT" "Eclat User Reference"
 .SH NAME
 eclat lssg, describe\-security\-groups \- return information about security groups
 .SH SYNOPSIS
@@ -108,7 +108,8 @@ user 111122223333, group sg\-99gh4012 ("Group B") 6000\-7000 Outgoing:
 .EE
 .SH "SEE ALSO"
-.BR eclat (1).
+.BR eclat (1),
+.BR eclat\-sg (1).
 .SH AUTHORS
 Sergey Poznyakoff
 .SH "BUG REPORTS"
diff --git a/doc/eclat-sg.1 b/doc/eclat-sg.1
new file mode 100644
index 0000000..f9f62d6
--- /dev/null
+++ b/doc/eclat-sg.1
@@ -0,0 +1,154 @@
+.\" This file is part of Eclat -*- nroff -*-
+.\" Copyright (C) 2012, 2013 Sergey Poznyakoff
+.\"
+.\" Eclat is free software; you can redistribute it and/or modify
+.\" it under the terms of the GNU General Public License as published by
+.\" the Free Software Foundation; either version 3, or (at your option)
+.\" any later version.
+.\"
+.\" Eclat is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+.\" GNU General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public License
+.\" along with Eclat. If not, see <http://www.gnu.org/licenses/>.
+.TH SG 1 "December 17, 2013" "ECLAT" "Eclat User Reference"
+.SH NAME
+eclat sg \- manipulate security groups
+.SH SYNOPSIS
+\fBeclat sg\fR \fB\-A\fR|\fB\-D\fR|\fB\-\-add\fR|\fB\-\-delete\fR [\fB\-Nn\fR] [\fB\-G\fR \fINAME\fR] [\fB\-P\fR \fIPORT\fR[\fB\-\fIPORT\fR]]
+ [\fB\-g\fR \fIID\fR] [\fB\-p\fR \fIPROTO\fR] [\fB\-s\fR \fICIDR\fR] [\fB\-u\fR \fIUSER\fR] [\fB\-\-group\-id\fR=\fIID\fR]
+ [\fB\-\-group\-name\fR=\fINAME\fR] [\fB\-\-name\fR] [\fB\-\-next\fR, \fB\-\-new\fR]
+ [\fB\-\-port\fR=\fIPORT\fR[\fB\-\fIPORT\fR]] [\fB\-\-protocol\fr=\fIPROTO\fR] [\fB\-\-source\fR=\fICIDR\fR]
+ [\fB\-\-user\fR=\fIUSER\fR] \fIGROUP\fR
+.br
+\fBeclat sg\fR \fB\-\-list\fR|\fB\-L\fR [\fB\-n\fR] [\fB\-\-name\fR] [\fIGROUP\fR]
+.br
+\fBeclat sg\fR \fB\-h\fR
+.br
+\fBeclat sg\fR \fB\-\-help\fR
+.br
+\fBeclat sg\fR \fB\-\-usage\fR
+.SH DESCRIPTION
+The \fBsg\fR command is used to list and configure \fBEC2\fR security
+groups. When used with the \fB\-\-list\fR (\fB\-L\fR) argument, it
+displays the information about the given group, or all groups in the
+account, if the \fIGROUP\fR argument is not provided. The argument is
+either the group ID, or group name. In the latter case, the
+\fB\-\-name\fR (\fB\-n\fR) option should be given.
+.PP
+When used with \fB\-\-add\fR (\fB\-A\fR) option, the command adds the
+rules to the security groups. The rules are described using the command
+line options. For example:
+.PP
+.EX
+.B eclat sg --add --proto tcp --port 22 --source 192.0.2.0/24 sg-01234567
+.EE
+.PP
+This command adds to the security group \fBsg\-01234567\fR a rule
+allowing access to port \fB22\fR from IP addresses in the range
+\fB192.0.2.0\fR \- \fB192.0.2.255\fR.
+.PP
+If \fB\-\-proto icmp\fR is used the \fB\-\-port\fR option can be
+omitted.
+.PP
+Several rules can be added in one invocation. The \fB\-\-next\fR
+(\fB\-\-new\fR) option is used to separate them. E.g.:
+.PP
+.EX
+.B eclat sg --add --proto tcp --port 22 --source 192.0.2.0/24 --next \\\\
+.B --proto icmp --source 192.0.2.0/24 sg-01234567
+.EE
+.PP
+The \fB\-\-delete\fR (\fB\-D\fR) option deletes existing rules, which
+are defined using the same syntax as described above.
+.SH OPTIONS
+.SS Commands
+These options define the operation to be performed over the security
+group. A valid invocation of the \fBsg\fR subcommand must contain
+exactly one of these:
+.TP
+.BR \-A , \-\-add
+Add rules.
+.TP
+.BR \-D , \-\-delete
+Delete rules.
+.TP
+.BR \-L , \-\-list
+List rules.
+.SS Rule constituents
+The options below are used to define the rules. Unless \fB\-\-list\fR
+is requsted, at least one rule must be defined.
+.PP
+A rule defines a set of IPv4 addresses and a port range that these are
+allowed to access. The IP addresses can be specfied either in
+dotted-quad notation or as host names and can optionally be followed
+by a \fB/\fR and the network mask length or the network mask. For
+example: \fB192.0.2.0/24\fR or \fB192.0.2.0/255.255.255.0\fR. Missing
+netmask part implies the network mask length of \fB32\fR.
+.PP
+Another way of defining IP addresses is by supplying the name or ID of
+another \fBEC2\fR security group.
+.TP
+\fB\-G\fR, \fB\-\-group\-name=\fINAME\fR
+Sets source group name.
+.TP
+\fB\-P\fR, \fB\-\-port\fR=\fIPORT\fR[\fB-\fIPORT\fR]
+Destination port number or range. Each \fIPORT\fR can be either a
+port number in decimal or a service name from
+.BR services (5).
+.TP
+\fB\-g\fR, \fB\-\-group\-id=\fIID\fR
+Sets source group ID.
+.TP
+\fB\-p\fR, \fB\-\-protocol=\fIPROTO\fR
+Protocol name or number.
+.TP
+\fB\-s\fR, \fB\-\-source=\fICIDR\fR
+Source CIDR. The argument is an IPv4 address or host name, optionally
+followed by a \fB/\fR and the network mask length in decimal or the
+network mask in dotted-quad notation.
+.TP
+\fB\-u\fR, \fB\-\-user=\fIUSER\fR
+User name for the subsequent \fB\-\-group\-name\fR or
+\fB\-\-group\-id\fR option.
+.SS Other options
+.TP
+.BR \-n , \-\-name
+The \fIGROUP\fR argument is a group name. Without this option it is
+treated as the group name.
+.TP
+.BR \-N , \-\-next , \-\-new
+Begins next rule.
+.SS Informational options
+.TP
+.BR \-h , \-\-help
+Give a terse help summary.
+.TP
+.BR \-\-usage
+List command line syntax and available options.
+.SH "SEE ALSO"
+.BR eclat (1),
+.BR eclat\-lssg (1).
+.SH AUTHORS
+Sergey Poznyakoff
+.SH "BUG REPORTS"
+Report bugs to <bug\-eclat@gnu.org.ua>.
+.SH COPYRIGHT
+Copyright \(co 2012, 2013 Sergey Poznyakoff
+.br
+.na
+License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
+.br
+.ad
+This is free software: you are free to change and redistribute it.
+There is NO WARRANTY, to the extent permitted by law.
+.\" Local variables:
+.\" eval: (add-hook 'write-file-hooks 'time-stamp)
+.\" time-stamp-start: ".TH [A-Z_][A-Z0-9_.\\-]* [0-9] \""
+.\" time-stamp-format: "%:B %:d, %:y"
+.\" time-stamp-end: "\""
+.\" time-stamp-line-limit: 20
+.\" end:
+
diff --git a/src/sg-cl.opt b/src/sg-cl.opt
index 45c5bf4..5eaa426 100644
--- a/src/sg-cl.opt
+++ b/src/sg-cl.opt
@@ -15,7 +15,7 @@ along with Eclat. If not, see <http://www.gnu.org/licenses/>. */
 ECLAT_CL_BEGIN([<modify ingress rules of a security group>],
- [<[GROUPID-OR-NAME]>])
+ [<[GROUPARG]>])
 OPTION(add,A,,
 [<add rules>])
@@ -37,7 +37,7 @@ BEGIN
 END
 OPTION(name,n,,
- [<ID argument is a group name>])
+ [<the GROUPARG argument is a group name>])
 BEGIN
 dest_n = GROUP_NAME;
 END
@@ -49,7 +49,7 @@ BEGIN
 END
 OPTION(group-id,g,[<ID>],
- [<use before --from to indicate that its argument is a group ID>])
+ [<source group ID>])
 BEGIN
 struct group_arg *g = grecs_malloc(sizeof(*g));
 translate_ids(1, &optarg, rt[GROUP_ID].map);
@@ -62,7 +62,7 @@ BEGIN
 END
 OPTION(group-name,G,[<NAME>],
- [<use before --from to indicate that its argument is a group name>])
+ [<source group name>])
 BEGIN
 struct group_arg *g = grecs_malloc(sizeof(*g));
 translate_ids(1, &optarg, rt[GROUP_NAME].map);
@@ -75,7 +75,7 @@ BEGIN
 END
 OPTION(user,u,[<USER>],
- [<user name for the subsequent --from option>])
+ [<user name for the subsequent --group-name or --group-id option>])
 BEGIN
 user = optarg;
 END
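Review bot: The new help text for the `name` option, `[<the GROUPARG argument is a group name>]`, no longer tells the user how GROUPARG is interpreted without the option; the string it replaces made clear the argument is a group ID by default, so I would write `[<the GROUPARG argument is a group name (without this option it is taken as a group ID)>]`. The `-n, --name` entry in the new doc/eclat-sg.1 in this commit has the same gap and worse: its second sentence "Without this option it is treated as the group name" contradicts the first and presumably should read "group ID". Since `--user` still says "subsequent", the ordering requirement between `--user` and `--group-id`/`--group-name` survives only in that one string; a short "(see --user)" on the two source-group strings would keep the constraint discoverable from `--help`. The OPTION handlers shown (`translate_ids(1, &optarg, ...)`, `user = optarg;`) are unchanged context, and the ECLAT_CL_BEGIN and BEGIN/END blocks continue outside these hunks.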