Update a Security Rule Used in IP Networks
/network/v1/secrule/{name}
enabledFlag parameter as false.
Required Role: To complete this task, you must have the Compute_Operations role. If this role isn't assigned to you or you're not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud My Services. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Request
- application/oracle-compute-v3+json
- name: string
  The three-part name of the object (/Compute-identity_domain/user/object).
- Cookie: string
  The Cookie: header must be included with every request to the service. It must be set to the value of the set-cookie header in the response received to the POST /authenticate/ call.
object
- acl (optional): string
  Select the three-part name of the access control list (ACL) that you want to add this security rule to. Security rules are applied to vNIC sets by using ACLs.
- description (optional): string
  Description of the security rule.
- dstIpAddressPrefixSets (optional): array dstIpAddressPrefixSets
  A list of IP address prefix sets to which you want to permit traffic. Only packets to IP addresses in the specified IP address prefix sets are permitted. When no destination IP address prefix sets are specified, traffic to any IP address is permitted.
- dstVnicSet (optional): string
  The vNICset to which you want to permit traffic. Only packets to vNICs in the specified vNICset are permitted. When no destination vNICset is specified, traffic to any vNIC is permitted.
- enabledFlag (optional): boolean
  Allows the security rule to be enabled or disabled. This parameter is set to true by default. Specify false to disable the security rule.
- flowDirection: string
  Specify the direction of flow of traffic, which is relative to the instances, for this security rule. Allowed values are ingress or egress.
  An ingress packet is a packet received by a virtual NIC, for example from another virtual NIC or from the public Internet.
  An egress packet is a packet sent by a virtual NIC, for example to another virtual NIC or to the public Internet.
- name: string
  The three-part name of the IP address association (/Compute-identity_domain/user/object).
  Object names can contain only alphanumeric characters, hyphens, underscores, and periods. Object names are case-sensitive. When you specify the object name, ensure that an object of the same type and with the same name doesn't already exist. If such an object already exists, another object of the same type and with the same name won't be created and the existing object won't be updated.
- secProtocols (optional): array secProtocols
  A list of security protocols for which you want to permit traffic. Only packets that match the specified protocols and ports are permitted. When no security protocols are specified, traffic using any protocol over any port is permitted.
- srcIpAddressPrefixSets (optional): array srcIpAddressPrefixSets
  A list of IP address prefix sets from which you want to permit traffic. Only packets from IP addresses in the specified IP address prefix sets are permitted. When no source IP address prefix sets are specified, traffic from any IP address is permitted.
- srcVnicSet (optional): string
  The vNICset from which you want to permit traffic. Only packets from vNICs in the specified vNICset are permitted. When no source vNICset is specified, traffic from any vNIC is permitted.
- tags (optional): array tags
  Strings that you can use to tag the security rule.
Response
- application/oracle-compute-v3+json
200 Response
- set-cookie: string
  The cookie value is returned if the session is extended.
object
- acl (optional): string
  Name of the ACL that contains this rule.
- description (optional): string
  Description of the object.
- dstIpAddressPrefixSets (optional): array dstIpAddressPrefixSets
  List of IP address prefix set names to match the packet's destination IP address.
- dstVnicSet (optional): string
  Name of virtual NIC set containing the packet's destination virtual NIC.
- enabledFlag (optional): boolean
  Allows the security rule to be disabled.
- flowDirection (optional): string
  Direction of the flow; can be "egress" or "ingress".
- name (optional): string
  Name of the security rule.
- secProtocols (optional): array secProtocols
  List of security protocol object names to match the packet's protocol and port.
- srcIpAddressPrefixSets (optional): array srcIpAddressPrefixSets
  List of multipart names of IP address prefix set to match the packet's source IP address.
- srcVnicSet (optional): string
  Name of virtual NIC set containing the packet's source virtual NIC.
- tags (optional): array tags
  Tags associated with the object.
- uri (optional): string
  Uniform Resource Identifier
Examples
cURL Command
The following example shows how to update a security rule, /Compute-acme/jack.jones@example.com/secrule1, by submitting a PUT request on the REST resource using cURL. For more information about cURL, see Use cURL.
Enter the command on a single line. Line breaks are used in this example for readability.
curl -i -X PUT
     -H "Cookie: $COMPUTE_COOKIE"
     -H "Content-Type: application/oracle-compute-v3+json"
     -H "Accept: application/oracle-compute-v3+json"
     -d "@requestbody.json"
     https://api-z999.compute.us0.oraclecloud.com/network/v1/secrule/Compute-acme/jack.jones@example.com/secrule1
- COMPUTE_COOKIE is the name of the variable in which you stored the authentication cookie earlier. For information about retrieving the authentication cookie and storing it in a variable, see Authentication.
- api-z999.compute.us0.oraclecloud.com is an example REST endpoint URL. Change this value to the REST endpoint URL of your Compute Classic site. For information about finding the REST endpoint URL for your site, see Send Requests.
- acme and jack.jones@example.com are example values. Replace acme with the identity domain ID of your Compute Classic account, and jack.jones@example.com with your user name.
Example of Request Body
The following shows an example of the request body content in the requestbody.json file to disable a security rule. You must specify values for the name, enabledFlag, and flowDirection. You can update values of all the parameters except name.
{
  "enabledFlag": false,
  "flowDirection": "egress",
  "name": "/Compute-acme/jack.jones@example.com/secrule1"
}
Example of Response Body
The following example shows the response body in JSON format when you disable a security rule.
{
  "name": "/Compute-acme/jack.jones@example.com/secrule1",
  "uri": "https://api-z999.compute.us0.oraclecloud.com:443/network/v1/secrule/Compute-acme/jack.jones@example.com/secrule1",
  "description": null,
  "tags": [],
  "acl": null,
  "flowDirection": "egress",
  "srcVnicSet": null,
  "dstVnicSet": null,
  "srcIpAddressPrefixSets": [],
  "dstIpAddressPrefixSets": [],
  "secProtocols": [],
  "enabledFlag": false
}
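The parameter descriptions above state that any source, destination, or protocol field left unspecified permits all traffic for that field. The following Python sketch is an added example, not Oracle's code: it validates an update body against the rules stated on this page and lists the match-any fields of an enabled rule. The function names build_update_body and unrestricted_fields are hypothetical, and the sample rule is constructed from the response body shown above.

```python
import json
import re

OBJECT_NAME = re.compile(r"[A-Za-z0-9._-]+")  # allowed object-name characters


def build_update_body(name, flow_direction, enabled=True, **optional):
    """Return the JSON body for PUT /network/v1/secrule/{name}, or raise ValueError."""
    parts = name.strip("/").split("/")
    if len(parts) != 3 or not parts[0].startswith("Compute-"):
        raise ValueError("name must be /Compute-identity_domain/user/object")
    if not OBJECT_NAME.fullmatch(parts[2]):
        raise ValueError("object name has characters outside [A-Za-z0-9._-]")
    if flow_direction not in ("ingress", "egress"):
        raise ValueError("flowDirection must be 'ingress' or 'egress'")
    if not isinstance(enabled, bool):
        raise ValueError("enabledFlag must be a JSON boolean")
    # name, enabledFlag and flowDirection are the three required values.
    body = {"name": "/" + "/".join(parts), "enabledFlag": enabled,
            "flowDirection": flow_direction}
    body.update(optional)  # acl, description, secProtocols, ...
    return json.dumps(body, sort_keys=True)


def unrestricted_fields(rule):
    """List the match fields of an enabled rule that are empty (match any)."""
    if not rule.get("enabledFlag", True):  # enabledFlag defaults to true
        return []
    fields = ("srcIpAddressPrefixSets", "dstIpAddressPrefixSets",
              "srcVnicSet", "dstVnicSet", "secProtocols")
    return [f for f in fields if not rule.get(f)]


# Constructed sample: the response body from this page, and the same rule enabled.
disabled = json.loads(
    '{"name": "/Compute-acme/jack.jones@example.com/secrule1", '
    '"flowDirection": "egress", "srcVnicSet": null, "dstVnicSet": null, '
    '"srcIpAddressPrefixSets": [], "dstIpAddressPrefixSets": [], '
    '"secProtocols": [], "enabledFlag": false}')
enabled = dict(disabled, enabledFlag=True)

if __name__ == "__main__":
    print(build_update_body(disabled["name"], "egress", enabled=False))
    print("disabled rule:", unrestricted_fields(disabled))
    print("enabled rule: ", unrestricted_fields(enabled))
```

Run unrestricted_fields over a rule before setting enabledFlag back to true: a non-empty result means the rule permits traffic for every value of the listed fields.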