Adding Ingress Rules

Add ingress rules to the public or private subnet to allow traffic from authorized IP addresses.

If you are connecting to your DB system using a compute instance, Bastion session, or VPN connection, add the ingress rules to the security list of the private subnet. If you are connecting to your DB system using a network load balancer, that is, using a public IP address, add the ingress rules to the default security list of the public subnet.

Using the Console

Use the Console to add ingress rules to a virtual cloud network (VCN).

This task requires the following:
Do the following to add ingres rules:
  1. Open the navigation menu, select Networking, and then select Virtual Cloud Networks.
  2. Select your compartment from the List Scope.
  3. From the list of VCNs, click the name of your VCN to open the Virtual Cloud Network Details page.
  4. In the Virtual Cloud Network Details page, select Security Lists from the Resources section.
  5. From the list of security lists, do one of the following:
    • If you are connecting to your DB system using a compute instance, Bastion session, or VPN, click the security list of your private subnet.
    • If you are connecting to your DB system using a network load balancer, that is, using a public IP address, click the default security list of your public subnet.
  6. In the Security List Details page, click Add Ingress Rules.
  7. In the Add Ingress Rules dialog box, provide the following information:
    • Stateless: Do not select.
    • Source Type: Select CIDR.
    • Source CIDR: Specify the CIDR of the public subnet. If required, you can narrow down the range to more specific IP addresses:
      • 10.0.0.0/8: Allows traffic from 10.0.0.0 to 10.255.255.255 IP addresses, that is, a total of 16,777,216 IP addresses.
      • 10.0.0.0/16: Allows traffic from 10.0.0.0 to 10.0.255.255 IP addresses, that is, a total of 65,536 IP addresses.
      • 10.0.0.0/24: Allows traffic from 10.0.0.0 to 10.0.0.255 IP addresses, that is, a total of 256 IP addresses.
      • 10.0.2.24/32: Allows traffic from 10.0.2.24 IP address only.
    • IP Protocol: Select TCP.
    • Source Port Range: Leave it blank.
    • Destination Port Range: Specify the port to which the DB system listens. The default value for MySQL Classic is 3306 and for MySQL X Protocol is 33060. To add multiple destination ports simultaneously, add them as a comma-separated list. For example, to add ingress rules for ports 3306 and 33060 simultaneously, enter 3306,33060.
    • Description: Add a descriptive string for the ingress rules.
  8. Click Add Ingress Rules.
The ingress rule is added to the security list of the subnet.