Control Network Traffic

The steps to control network traffic for your VMs vary depending on whether the VMs are attached to the shared network or to IP networks.

Scenario 1: Open Ports for VMs Attached to the Shared Network

Network traffic to and from VMs attached to the shared network is controlled by security rules that you define and also the access policy defined for the security list that the VMs are in. By default, the outbound policy of a security list is permit and the inbound policy is deny. To permit traffic to the VMs, you must create the necessary security rules.

Prerequisites

  1. Identify the source and destination security lists that contain the VMs for which you want to open ports. If you want to use new security lists, then create them and add your VMs to the security lists. See Creating a Security List and Adding an Instance to a Security List in Using Oracle Cloud Infrastructure Compute Classic.

  2. Identify the protocol for which you want to allow traffic. Note that for well-known protocols such as HTTPS (port 443), SSH (port 22), and ICMP (for ping requests), Oracle provides predefined protocols (called security applications) that you can use in your security rules.

    If you want to create a security application, then complete the steps in Creating a Security Application in Using Oracle Cloud Infrastructure Compute Classic.

  3. (Optional) If the source or destination for which you want to permit network traffic is a specific set of hosts outside the Compute Classic site, then create the required security IP lists as described in Creating a Security IP List in Using Oracle Cloud Infrastructure Compute Classic.

Procedure

Create a security rule to permit traffic to the VM.

  1. Sign in to the Compute Classic console.

  2. Click the Network tab.

  3. Expand Shared Network in the left navigation pane, and then click Security Rules.

  4. Click Create Security Rule.

  5. In the Create Security Rule dialog box, select or enter the following information:

    • Name: Enter a name for the security rule.

    • Status: Select Enabled.

    • Security Application: Select the security application that you identified (or created) earlier.

    • Source

      • If the source from which you want to permit network traffic is a security list within the site, then select that security list.

      • If the source from which you want to permit network traffic is a set of hosts outside the site or the public Internet, then select the appropriate security IP list.

    • Destination

      • If the destination to which you want to permit network traffic is a security list within the site, then select that security list.

      • If the destination to which you want to permit network traffic is a set of hosts outside the site or the public Internet, then select the appropriate security IP list.

    • Description: Enter a meaningful description for the new rule.

  6. Click Create.

Scenario 2: Permit Network Traffic for VMs Attached to IP Networks

Network traffic to and from a VM attached to an IP network is controlled by access control lists (ACLs) containing security rules that you define and apply to the appropriate vNICsets.

Prerequisites

  • Identify the source and destination vNICsets that contain the vNICs for which you want to control network access. To create a new vNICset, complete the steps in Creating a vNICset in Using Oracle Cloud Infrastructure Compute Classic.

  • (Optional) If the source or destination for which you want to permit network traffic is a specific set of hosts outside the Compute Classic site, then create the required IP address prefix sets as described in Creating an IP Address Prefix Set in Using Oracle Cloud Infrastructure Compute Classic.

  • Identify the ACL in which you want to define the required security rules. If you want to use a new ACL, then create it as described in Creating an ACL in Using Oracle Cloud Infrastructure Compute Classic.

  • Identify the security protocols for which you want to define security rules. Note that for well-known protocols such as HTTPS (port 443), SSH (port 22), and ICMP (for ping requests), Oracle provides predefined security protocols that you can use in your security rules.

    If you want to create a security protocol, then complete the steps in Creating a Security Protocol for IP Networks in Using Oracle Cloud Infrastructure Compute Classic.

Procedure

Create an ingress security rule to permit traffic to the VM.

  1. Sign in to the Compute Classic console.

  2. Click the Network tab.

  3. Expand IP Network in the left navigation pane, and then click Security Rules.

  4. Click Create Security Rule.

  5. In the Create Security Rule dialog box, select or enter the following information:

    • Name: Enter a name for the security rule.

    • Status: Select Enabled.

    • Type: Select Ingress or Egress, as appropriate.

    • Access Control List: Select the ACL that you identified (or created) earlier.

    • Security Protocols: Select the security protocols that you identified (or created) earlier.

    • Source IP Address Prefix Sets: If the source from which you want to permit network traffic is a set of hosts outside the site, then select the appropriate IP address prefix set that you created earlier.

    • Source vNICset: If the source from which you want to permit network traffic is a vNICset within the site, then select the vNICset that you identified or created earlier.

    • Destination IP Address Prefix Sets: If the destination to which you want to permit network traffic is a set of hosts outside the site, then select the appropriate IP address prefix set that you created earlier.

    • Destination vNICset: If the destination to which you want to permit network traffic is a vNICset within the site, then select the vNICset that you identified or created earlier.

    • Description: Enter a meaningful description for the new rule.

    • Tags: Select the tags to be assigned to the rule.

  6. Click Create.
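The following is an added example, not code from Oracle or this guide: a small Python model of the rule semantics described in scenarios 1 and 2 (a rule names a security application or protocol, a source and a destination; an enabled rule permits; a security list's inbound policy defaults to deny and its outbound policy to permit), plus a review check that lists rules exposing SSH from the public Internet. The list, IP-list and rule names, and the "seciplist:public-internet" identifier, are constructed for the example; for ACL rules, vNICset and IP address prefix set names take the place of the list names.

```python
from dataclasses import dataclass
from typing import Dict, List

# Assumed name for the security IP list that stands for the public Internet
PUBLIC_INTERNET = "seciplist:public-internet"
ADMIN_APPS = ("ssh",)   # protocols that should not be opened to PUBLIC_INTERNET

@dataclass(frozen=True)
class Rule:
    name: str
    application: str      # security application / protocol: "ssh", "https", "icmp"
    src: str              # security list or security IP list (vNICset / prefix set for ACLs)
    dst: str
    enabled: bool = True  # Status: Enabled

@dataclass
class SecurityList:
    name: str
    inbound_permit: bool = False   # page: inbound policy defaults to deny
    outbound_permit: bool = True   # page: outbound policy defaults to permit

def rule_matches(rule: Rule, application: str, src: str, dst: str) -> bool:
    return (rule.enabled and rule.application == application
            and rule.src == src and rule.dst == dst)

def is_permitted(application: str, src: str, dst: str,
                 lists: Dict[str, SecurityList], rules: List[Rule]) -> bool:
    """An enabled matching rule permits the flow; otherwise the source list's
    outbound policy and the destination list's inbound policy must both permit
    it. Names absent from `lists` are IP lists and carry no policy of their own."""
    if any(rule_matches(r, application, src, dst) for r in rules):
        return True
    src_ok = src not in lists or lists[src].outbound_permit
    dst_ok = dst not in lists or lists[dst].inbound_permit
    return src_ok and dst_ok

def overly_broad(rules: List[Rule]) -> List[str]:
    """Review check: enabled rules that open admin protocols from the Internet."""
    return [r.name for r in rules
            if r.enabled and r.src == PUBLIC_INTERNET and r.application in ADMIN_APPS]

# Constructed sample configuration (not taken from a real site)
LISTS = {"seclist:web": SecurityList("seclist:web"),
         "seclist:db": SecurityList("seclist:db")}
RULES = [
    Rule("https-from-internet", "https", PUBLIC_INTERNET, "seclist:web"),
    Rule("ssh-from-internet", "ssh", PUBLIC_INTERNET, "seclist:web"),
    Rule("web-to-db", "ssh", "seclist:web", "seclist:db"),
    Rule("ping-from-internet", "icmp", PUBLIC_INTERNET, "seclist:web", enabled=False),
]
```

With this configuration, HTTPS from the Internet to the web list and SSH from the web list to the db list are permitted, the disabled ICMP rule has no effect, outbound traffic from a list needs no rule, and the review check reports only "ssh-from-internet".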

Scenario 3: Control Network Traffic for VMs Attached to the Shared Network and to IP Networks

Complete the steps for scenario 1 and scenario 2.