diff --git a/exercise.sh b/exercise.sh
index dc8163f..fb95fdf 100755
--- a/exercise.sh
+++ b/exercise.sh
@@ -82,6 +82,15 @@ glance -A $TOKEN index
 # Let's grab the id of the first AMI image to launch
 IMAGE=`glance -A $TOKEN index | egrep ami | cut -d" " -f1`
 
+# Security Groups
+# ---------------
+SECGROUP=test_secgroup
+
+# List of secgroups:
+nova secgroup-list
+
+# Create a secgroup
+nova secgroup-create $SECGROUP "test_secgroup description"
 
 # Flavors
 # -------
@@ -92,9 +101,9 @@ nova flavor-list
 # and grab the first flavor in the list to launch
 FLAVOR=`nova flavor-list | head -n 4 | tail -n 1 | cut -d"|" -f2`
 
-NAME="firstpost"
+NAME="myserver"
 
-nova boot --flavor $FLAVOR --image $IMAGE $NAME
+nova boot --flavor $FLAVOR --image $IMAGE $NAME --security_groups=$SECGROUP
 
 # let's give it 10 seconds to launch
 sleep 10
@@ -113,10 +122,47 @@ ping -c1 -w1 $IP || true
 sleep 5
 
 ping -c1 -w1 $IP 
+# allow icmp traffic
+nova secgroup-add-rule $SECGROUP icmp -1 -1 0.0.0.0/0
+
+# List rules for a secgroup
+nova secgroup-list-rules $SECGROUP
+
+# allocate a floating ip
+nova floating-ip-create
+
+# store  floating address
+FIP=`nova floating-ip-list | grep None | head -1 | cut -d '|' -f2 | sed 's/ //g'`
+
+# add floating ip to our server
+nova add-floating-ip $NAME $FIP
+
+# sleep for a smidge
+sleep 1
+
+# ping our fip
+ping -c1 -w1 $FIP
+
+# dis-allow icmp traffic
+nova secgroup-delete-rule $SECGROUP icmp -1 -1 0.0.0.0/0
+
+# sleep for a smidge
+sleep 1
+
+# ping our fip
+if ( ping -c1 -w1 $FIP); then
+    print "Security group failure - ping should not be allowed!"
+    exit 1
+fi
+
+# de-allocate the floating ip
+nova floating-ip-delete $FIP
 
 # shutdown the server
 nova delete $NAME
 
+# Delete a secgroup
+nova secgroup-delete $SECGROUP
+
 # FIXME: validate shutdown within 5 seconds 
 # (nova show $NAME returns 1 or status != ACTIVE)?
-