We saw how we can associate a security group to a virtual machine. We can also create a new security group or modify an existing security group to change a firewall rule. For example, we might want to open port 443 on the security group.

The following program demonstrates how we can create a new security group and modify its rules. We first create a security group by invoking the create_security_group() function call and providing a name. This function returns an object of the security group, which can then be passed to the create_security_group_rule() function along with the parameters that define the rule.

The rule opens the port 443 for the HTTPs protocol for all the incoming network traffic:

def open_port(conn):
    security_group = conn.network.create_security_group(name='packtpub-security-group')

    rule = conn.network.create_security_group_rule(
        security_group_id=security_group.id,
        direction='ingress',
        remote_ip_prefix='0.0.0.0/0',
        protocol='HTTPS',
        port_range_max='443',
        port_range_min='443',
        ethertype='IPv4')