34 Security IP List
A security IP list is a set of IP addresses or subnets external to the instances you create in Oracle Cloud. These lists can then be used as a source or a destination when you define access rules.
Note that a security IP list named /oracle/public/public-internet is predefined in Compute Classic. You can use this security IP list as the source in a security rule to permit traffic from any host on the Internet.
Before running the CLI commands described in this section, make sure that you've installed the CLI client and set up the required environment variables as described in Preparing to Use the CLI.
sec-ip-list add
Creates a security IP list. Note that after creating a security IP list, you can add more IP addresses to the list by running the sec-ip-list add command again with just the additional IP addresses.
Required Role
To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Syntax
opc compute sec-ip-list add name secipentries [--description 'description']
For help with the parameters and options of this command, run the command with the -h option.
Example
opc -f json compute sec-ip-list add /Compute-acme/jack.jones@example.com/yumrepo 173.223.232.153,173.223.232.161 --description 'public yum site'
Sample Output
{
  "secipentries": [
    "173.223.232.153",
    "173.223.232.161"
  ],
  "description": "public yum site",
  "name": "/Compute-acme/jack.jones@example.com/yumrepo",
  "uri": "https://api-z999.compute.us0.oraclecloud.com/seciplist/Compute-acme/jack.jones@example.com/yumrepo"
}
sec-ip-list list
Retrieves details of the security IP lists that are in the specified container and match the specified query criteria. If you don't specify any query criteria, then details of all the security IP lists in the container are displayed.
Required Role
To complete this task, you must have the Compute_Monitor or Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Syntax
opc compute sec-ip-list list container [--name name]
For help with the parameters and options of this command, run the command with the -h option.
Example
The following example retrieves the names and IP addresses in all the security IP lists defined in the /oracle/public container.
opc -f table -F name,secipentries compute sec-ip-list list /oracle/public
Sample Output
Note that this output is merely an example. The security IP lists displayed when you run this command may be different.
+-------------------------------+--------------------------------+
| NAME                          | SECIPENTRIES                   |
+-------------------------------+--------------------------------+
| /oracle/public/instance       | [10.2.0.0/26 10.196.160.0/19   |
|                               | 10.196.192.0/19]               |
| /oracle/public/paas-infra     | [10.102.201.132 10.102.201.133 |
|                               | 10.102.201.134 10.102.201.138  |
|                               | 10.202.8.150 10.202.8.155      |
|                               | 160.34.15.48/29 100.64.0.0/24] |
| /oracle/public/public-internet| [0.0.0.0/0]                    |
| /oracle/public/site           | [10.110.23.0/26                |
|                               | 10.110.23.128/26               |
|                               | 10.110.23.192/26]              |
+-------------------------------+--------------------------------+
sec-ip-list discover
Required Role
To complete this task, you must have the Compute_Monitor or Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Syntax
opc compute sec-ip-list discover container
For help with the parameters and options of this command, run the command with the -h option.
Example
opc -f json compute sec-ip-list discover /Compute-acme/jack.jones@example.com
Sample Output
{
  "result": [
    "/Compute-acme/jack.jones@example.com/yumrepo",
    "/Compute-acme/jack.jones@example.com/adminhosts"
  ]
}
sec-ip-list get
Retrieves information about the specified security IP list.
You can use the get command to verify whether add and update operations were completed successfully. Use the -F option (for example, -F name) to filter the output for specific attributes.
Required Role
To complete this task, you must have the Compute_Monitor or Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Syntax
opc compute sec-ip-list get name
For help with the parameters and options of this command, run the command with the -h option.
Example
The following example retrieves the IP addresses defined in the /Compute-acme/jack.jones@example.com/yumrepo security IP list.
opc -f json compute sec-ip-list get /Compute-acme/jack.jones@example.com/yumrepo
Sample Output
{
  "secipentries": [
    "173.223.232.153",
    "173.223.232.161"
  ],
  "description": "public yum site",
  "name": "/Compute-acme/jack.jones@example.com/yumrepo",
  "uri": "https://api-z999.compute.us0.oraclecloud.com/seciplist/Compute-acme/jack.jones@example.com/yumrepo"
}
sec-ip-list update
Updates the IP addresses and description of the specified security IP list. Note that this command replaces the values in the secipentries and description fields with the new values that you specify. To add one or more IP addresses to the existing list, run the sec-ip-list add command and specify just the additional IP addresses.
Required Role
To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Syntax
opc compute sec-ip-list update name secipentries [--description 'description']
For help with the parameters and options of this command, run the command with the -h option.
Example
This command replaces the IP addresses and description of the /Compute-acme/jack.jones@example.com/yumrepo security IP list.
opc -f json compute sec-ip-list update /Compute-acme/jack.jones@example.com/yumrepo 203.0.113.5,203.0.113.6 --description 'admin hosts'
Sample Output
{
  "secipentries": [
    "203.0.113.5",
    "203.0.113.6"
  ],
  "description": "admin hosts",
  "name": "/Compute-acme/jack.jones@example.com/yumrepo",
  "uri": "https://api-z999.compute.us0.oraclecloud.com/seciplist/Compute-acme/jack.jones@example.com/yumrepo"
}
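Because update replaces secipentries wholesale while add appends, it helps to preview what an update would drop before running it. The following is an added example, not part of the Oracle documentation or the opc CLI: it compares the JSON printed by sec-ip-list get with a proposed entry list. The function names and the /24 review threshold are assumptions made for illustration.

```python
import ipaddress
import json

# Constructed input: the JSON shape that `opc -f json compute sec-ip-list get`
# prints on this page (fields secipentries, description, name).
CURRENT_JSON = """
{ "secipentries": [ "173.223.232.153", "173.223.232.161" ],
  "description": "public yum site",
  "name": "/Compute-acme/jack.jones@example.com/yumrepo" }
"""

# Assumed policy threshold (not from the Oracle docs): an IPv4 entry wider
# than /24 is flagged for review before it is used as a rule source.
MAX_PREFIX_WITHOUT_REVIEW = 24


def normalize(entries):
    """Map each entry (single IP or CIDR subnet) to a canonical network."""
    return {ipaddress.ip_network(e.strip(), strict=False) for e in entries}


def plan_update(current_json, new_entries):
    """Preview `sec-ip-list update`, which replaces the whole entry list."""
    current = normalize(json.loads(current_json)["secipentries"])
    proposed = normalize(new_entries)
    return {
        # Entries that silently disappear because update overwrites the list.
        "removed": sorted(str(n) for n in current - proposed),
        "added": sorted(str(n) for n in proposed - current),
        "kept": sorted(str(n) for n in current & proposed),
        # Wide ranges such as 0.0.0.0/0 admit far more hosts than intended.
        "broad": sorted(
            str(n) for n in proposed
            if n.version == 4 and n.prefixlen < MAX_PREFIX_WITHOUT_REVIEW
        ),
    }


if __name__ == "__main__":
    # Same replacement as the update example on this page.
    plan = plan_update(CURRENT_JSON, ["203.0.113.5", "203.0.113.6"])
    for key, values in plan.items():
        print(f"{key}: {values}")
```

If the removed list is not empty and those addresses should stay, use sec-ip-list add with just the new addresses instead of update.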
sec-ip-list delete
Deletes the specified security IP list. No response is returned.
You can’t delete system-provided security IP lists that are available in the /oracle/public container.
Required Role
To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Syntax
opc compute sec-ip-list delete name
For help with the parameters and options of this command, run the command with the -h option.
Example
opc compute sec-ip-list delete /Compute-acme/jack.jones@example.com/yumrepo