Managing Internet Protocol Allowlist and Blocklist Rules

For some Oracle Cloud services or services that support instances, you can add your own Internet Protocol (IP) allowlist and blocklist rules, and activate the firewall for the cloud service.

Use the Firewall page in Infrastructure Classic Console or Applications Console to create your allowlist and blocklist rules and enable the firewall.

To create the rules and enable the firewall:
  1. Sign in to Applications Console or Infrastructure Classic Console.
    Sign in to the Applications Console if you want to work with Oracle Cloud Applications. Sign in to Infrastructure Classic Console if you want to access Oracle Cloud infrastructure and platform services. If you see Infrastructure Classic at the top of the page when you sign in to Oracle Cloud, then you are using Infrastructure Classic Console and your subscription does not support access to the Oracle Cloud Console.
  2. Navigate to the service listing for which you want to create and enable firewall rules.
  3. Click the service name to open the details page for the service.
  4. Click the Firewall tile. This tile is hidden for some Oracle Cloud Application services in mid-market environments.
  5. If your service has instances, select an instance from the list.
  6. In the right pane, under the Rules section, click Create Rule.
    The Create Firewall Rule dialog box is displayed.
  7. Select the type of rule you want to create.
    The options are:
    • By Address: To allow or block an IP address, such as 1.1.1.1.
    • By Range: To allow or block a range of IP addresses, such as the range from 1.1.3.1 to 1.1.3.254.
    • By CIDR: To allow or block IP addresses allocated by Classless Inter-Domain Routing (CIDR), such as the range from 1.1.2.1 to 1.1.1.254.
    • By Subnet/Mask: To allow or block IP addresses based on subnet masks, such as the range from 1.1.4.1 to 1.1.4.254. The system rejects addresses such as 0.0.0.0 or 255.255.255.255. The system also rejects addresses if their binary equivalents don’t contain a continuous sequence of 1s. For example, the system rejects 255.0.255.0 because this is equivalent to 11111111 00000000 11111111 00000000 in binary format.
  8. Select Allow or Deny from the Rule Type list as per your requirement.
  9. Specify the address, range, CIDR, or subnet mask based on what you selected in Step 6.
  10. Click Create.
  11. Under the Activation section, click Enable.
Access Control determines which requests to allow or deny based on preset conditions present in the Routing rules. Oracle Cloud supports two access control dispositions: Allowlist and Blocklist, and additionally a default disposition None that allows access to all IP addresses. The ALLOWLIST disposition signifies that the default access control is deny, and you can specify certain IP addresses, CIDR, or Subnets to be allowed access. The BLOCKLIST disposition signifies that the default access control is allow, and you can specify certain IP addresses, CIDR, or Subnets to be denied access.
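
To check a planned rule set before entering it in the console, the subnet mask rules and the ALLOWLIST, BLOCKLIST, and None dispositions described above can be modeled offline. The following is an added example, not Oracle code: the function names, the (kind, spec) rule layout, and the sample rules are assumptions, and it models listed entries as the exceptions to the disposition's default.

```python
import ipaddress

def valid_subnet_mask(mask: str) -> bool:
    """Mask checks as stated on this page: reject 0.0.0.0 and 255.255.255.255,
    and require one continuous run of 1 bits (assumed to start at the high
    bit, as in a standard netmask)."""
    value = int(ipaddress.IPv4Address(mask))
    if value in (0, 0xFFFFFFFF):
        return False
    host_bits = value ^ 0xFFFFFFFF
    # Contiguous leading 1s in the mask <=> host bits have the form 0...01...1
    return host_bits & (host_bits + 1) == 0

def rule_matches(rule, ip: str) -> bool:
    """rule is (kind, spec); this tuple layout is an assumption of the example."""
    kind, spec = rule
    addr = ipaddress.IPv4Address(ip)
    if kind == "address":
        return addr == ipaddress.IPv4Address(spec)
    if kind == "range":
        low, high = (ipaddress.IPv4Address(s) for s in spec)
        return low <= addr <= high
    if kind == "cidr":
        return addr in ipaddress.IPv4Network(spec)
    if kind == "subnet":
        base, mask = spec
        if not valid_subnet_mask(mask):
            raise ValueError(f"subnet mask {mask} fails the mask checks")
        return addr in ipaddress.IPv4Network(f"{base}/{mask}")
    raise ValueError(f"unknown rule kind: {kind}")

def is_allowed(disposition: str, rules, ip: str) -> bool:
    """ALLOWLIST: default deny, listed entries allowed.
    BLOCKLIST: default allow, listed entries denied. NONE: allow all."""
    if disposition == "NONE":
        return True
    listed = any(rule_matches(rule, ip) for rule in rules)
    if disposition == "ALLOWLIST":
        return listed
    if disposition == "BLOCKLIST":
        return not listed
    raise ValueError(f"unknown disposition: {disposition}")

# Constructed sample rules, reusing the example addresses from the steps above.
SAMPLE_RULES = [
    ("address", "1.1.1.1"),
    ("range", ("1.1.3.1", "1.1.3.254")),
    ("cidr", "1.1.2.0/24"),
    ("subnet", ("1.1.4.0", "255.255.255.0")),
]
```

Running a list of known administrator and integration source addresses through is_allowed with the ALLOWLIST disposition shows which of them the default deny would lock out before the firewall is enabled.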

You can also modify or remove firewall rules by clicking the Action icon, and then selecting Modify or Remove accordingly. After you are done making updates to the rules, click Apply. The Apply button is disabled when you select Allowlist from the Disposition list. Click Cancel if you wish to revert your updates.

If you specify None as the Disposition, then firewall rules are disabled. You’ll be prompted for confirmation when disabling firewall rules. The Create Rule button is disabled when you select None as the Disposition.