We saw how we can associate a security group with a virtual machine. We can also create a new security group or modify an existing security group to change a firewall rule. For example, we might want to open port 443 on the security group.
The following program demonstrates how we can create a new security group and modify its rules. We first create a security group by calling create_security_group() and providing a name. This function returns a security group object, whose ID can then be passed to create_security_group_rule() along with the parameters that define the rule.
The rule opens TCP port 443 (HTTPS) to all incoming IPv4 traffic; the remote_ip_prefix of 0.0.0.0/0 matches every source address:
def open_port(conn):
    # Create the group, then attach an ingress rule to it by ID.
    security_group = conn.network.create_security_group(
        name='packtpub-security-group')
    # Security group rules name the transport protocol; HTTPS is TCP port 443.
    rule = conn.network.create_security_group_rule(
        security_group_id=security_group.id,
        direction='ingress',
        remote_ip_prefix='0.0.0.0/0',
        protocol='tcp',
        port_range_max=443,
        port_range_min=443,
        ethertype='IPv4')
    return rule
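Because the rule above admits any source address, it helps to review which rules do so. The following is an added example, not code from the original text: it audits rules given as plain dictionaries with the same field names passed to create_security_group_rule(). The sample rules, the allowlist and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample rules (not from a real cloud), using the same field names
# the page passes to create_security_group_rule().
SAMPLE_RULES = [
    {'id': 'r1', 'direction': 'ingress', 'remote_ip_prefix': '0.0.0.0/0',
     'protocol': 'tcp', 'port_range_min': 443, 'port_range_max': 443},
    {'id': 'r2', 'direction': 'ingress', 'remote_ip_prefix': '0.0.0.0/0',
     'protocol': 'tcp', 'port_range_min': 22, 'port_range_max': 22},
    {'id': 'r3', 'direction': 'ingress', 'remote_ip_prefix': '10.0.0.0/8',
     'protocol': 'tcp', 'port_range_min': 22, 'port_range_max': 22},
    {'id': 'r4', 'direction': 'ingress', 'remote_ip_prefix': None,
     'protocol': None, 'port_range_min': None, 'port_range_max': None},
    {'id': 'r5', 'direction': 'egress', 'remote_ip_prefix': '0.0.0.0/0',
     'protocol': None, 'port_range_min': None, 'port_range_max': None},
    {'id': 'r6', 'direction': 'ingress', 'remote_ip_prefix': '::/0',
     'protocol': 'tcp', 'port_range_min': 80, 'port_range_max': 443},
]

ALLOWED_PUBLIC_TCP_PORTS = {443}  # assumption: only HTTPS may face any source


def is_world_open(rule):
    """True if an ingress rule accepts traffic from any source address."""
    if rule.get('direction') != 'ingress' or rule.get('remote_group_id'):
        return False
    prefix = rule.get('remote_ip_prefix')
    # No prefix and no remote group means the source is unrestricted.
    return prefix is None or ipaddress.ip_network(prefix, strict=False).prefixlen == 0


def audit(rules, allowed=ALLOWED_PUBLIC_TCP_PORTS):
    """Return (id, protocol, low, high) for world-open rules outside the allowlist."""
    findings = []
    for rule in rules:
        if not is_world_open(rule):
            continue
        low, high = rule.get('port_range_min'), rule.get('port_range_max')
        if low is None or high is None:
            low, high = 1, 65535  # unset range covers every port
        if rule.get('protocol') == 'tcp' and low == high and low in allowed:
            continue
        findings.append((rule['id'], rule.get('protocol') or 'any', low, high))
    return findings


if __name__ == '__main__':
    for finding in audit(SAMPLE_RULES):
        print('world-open ingress: rule=%s proto=%s ports=%s-%s' % finding)
```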