37 Security Protocol for IP Network

This section describes the Compute Classic CLI commands you can use to add, delete, update, and view security protocols for IP networks.

A security protocol allows you to specify a transport protocol and the source and destination ports to be used with the specified protocol. It is used for matching packets in a security rule. When you create a security rule, the protocols and ports of the specified security protocols are used to determine the type of traffic that is permitted by that security rule. If you don't specify protocols and ports in a security protocol, traffic is permitted over all protocols and ports.

You can specify a security protocol in multiple security rules. So if you have a protocol that you want to use in a number of security rules, you don't have to create the protocol multiple times.

Before running the CLI commands described in this section, make sure that you've installed the CLI client and set up the required environment variables as described in Preparing to Use the CLI.

security-protocol add

Creates a security protocol for IP Networks. A security protocol allows you to specify a transport protocol and the source and destination ports to be used with the specified protocol. When you create a security rule, the protocols and ports of the specified security protocols are used to determine the type of traffic that is permitted by that security rule. If you don't specify protocols and ports in a security protocol, traffic is permitted over all protocols and ports.

Required Role

To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.

Syntax

opc compute security-protocol add name [--description description] [--tags tags] [--ip-protocol protocol] [--dst-port-set port-numbers] [--src-port-set port-numbers]

Example

opc -f json compute security-protocol add /Compute-acme/jack.jones@example.com/secprotocol1 --description 'Sample security protocol' --ip-protocol tcp --dst-port-set "2018-2040" --src-port-set "1018-1040"

Sample Output

{
 "description": "Sample security protocol",
 "uri": "https://api-z999.compute.us0.oraclecloud.com/network/v1/secprotocol/Compute-acme/jack.jones@example.com/secprotocol1",
 "ipProtocol": "tcp",
 "srcPortSet": ["1018-1040"], 
 "dstPortSet": ["2018-2040"],
 "tags":[],
 "name": "/Compute-acme/jack.jones@example.com/secprotocol1"
}

security-protocol list

Retrieves details of all security protocols in the specified container. This request is for security protocols used in IP networks.

Required Role

To complete this task, you must have the Compute_Monitor or Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.

Syntax

opc compute security-protocol list container 

Example

opc -f json compute security-protocol list /Compute-acme/jack.jones@example.com

Sample Output

{
  "result": [
    {
      "name": "/Compute-acme/jack.jones@example.com/secprotocol1",
      "uri": "https://api-z999.compute.us0.oraclecloud.com:443/network/v1/secprotocol/Compute-acme/jack.jones@example.com/secprotocol1",
      "description": "sample security protocol",
      "tags": [],
      "ipProtocol": "tcp",
      "srcPortSet": ["2010-2022"],
      "dstPortSet": ["2025-2030"]
    },
    {
      "name": "/Compute-acme/jack.jones@example.com/secprotocol2",
      "uri": "https://api-z999.compute.us0.oraclecloud.com:443/network/v1/secprotocol/Compute-acme/jack.jones@example.com/secprotocol2",
      "description": "Sample security protocol 2",
      "tags": [],
      "ipProtocol": "tcp",
      "srcPortSet": ["2036-2042"],
      "dstPortSet": ["2045-2050"]
    }
  ]
}
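
The following is an added example, not part of Oracle's documentation or CLI. It audits the JSON returned by security-protocol list and flags entries that, per the default described at the top of this section, match all protocols or all destination ports, as well as entries whose destination port set is very wide. It assumes an unspecified field appears as missing, null, or empty in the output and that a single port may be written without a range; the open-any and wide-tcp entries and the MAX_DST_PORTS threshold are constructed for illustration.

```python
import json

# Constructed sample shaped like `opc -f json compute security-protocol list`
# output; the "open-any" and "wide-tcp" entries are invented for illustration.
SAMPLE = json.loads("""
{"result": [
  {"name": "/Compute-acme/jack.jones@example.com/secprotocol1",
   "ipProtocol": "tcp", "srcPortSet": ["2010-2022"], "dstPortSet": ["2025-2030"]},
  {"name": "/Compute-acme/jack.jones@example.com/open-any",
   "srcPortSet": [], "dstPortSet": []},
  {"name": "/Compute-acme/jack.jones@example.com/wide-tcp",
   "ipProtocol": "tcp", "srcPortSet": [], "dstPortSet": ["1024-65535", "22"]}
]}
""")
MAX_DST_PORTS = 100  # hypothetical review threshold, not an Oracle limit


def port_count(port_set):
    """Count distinct ports covered by entries such as "2018-2040" or "22"."""
    ports = set()
    for entry in port_set:
        lo, _, hi = str(entry).partition("-")
        lo, hi = int(lo), int(hi or lo)  # a single port is a one-element range
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"bad port range: {entry!r}")
        ports.update(range(lo, hi + 1))
    return len(ports)


def audit(listing):
    """Return {protocol name: [findings]} for entries that deserve review."""
    findings = {}
    for proto in listing.get("result", []):
        notes = []
        if not proto.get("ipProtocol"):
            notes.append("no ipProtocol: matches all protocols")
        dst = proto.get("dstPortSet") or []
        if not dst:
            notes.append("no dstPortSet: matches all destination ports")
        elif port_count(dst) > MAX_DST_PORTS:
            notes.append(f"dstPortSet covers {port_count(dst)} ports")
        if notes:
            findings[proto["name"]] = notes
    return findings


if __name__ == "__main__":
    for name, notes in audit(SAMPLE).items():
        print(name, "->", "; ".join(notes))
```

To audit a real container, save the output of the list command to a file and pass the result of json.load() on that file to audit().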

security-protocol get

Retrieves details of the specified security protocol. This request is for security protocols used in IP networks.

You can use the get command to verify whether add and update operations were completed successfully.

Required Role

To complete this task, you must have the Compute_Monitor or Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.

Syntax

opc compute security-protocol get name

Example

opc -f json compute security-protocol get /Compute-acme/jack.jones@example.com/secprotocol1

Sample Output

{
 "description": "Sample security protocol",
 "uri": "https://api-z999.compute.us0.oraclecloud.com/network/v1/secprotocol/Compute-acme/jack.jones@example.com/secprotocol1",
 "ipProtocol": "tcp",
 "srcPortSet": ["1018-1040"], 
 "dstPortSet": ["2018-2040"],
 "tags":[],
 "name": "/Compute-acme/jack.jones@example.com/secprotocol1"
}

security-protocol update

Updates the specified security protocol for IP networks. You can update values of the description, ip-protocol, dst-port-set, src-port-set, and tags parameters of a security protocol.

Required Role

To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.

Syntax

opc compute security-protocol update name [--description description] [--tags tags] [--ip-protocol protocol] [--dst-port-set port-numbers] [--src-port-set port-numbers]

Example

The following example demonstrates how you can update values of the description, ip-protocol, dst-port-set, and src-port-set parameters of the /Compute-acme/jack.jones@example.com/secprotocol1 security protocol.

opc -f json compute security-protocol update /Compute-acme/jack.jones@example.com/secprotocol1 --description 'Updating sample security protocol' --ip-protocol udp --dst-port-set "2025-2030" --src-port-set "2010-2022"

Sample Output

{
  "name": "/Compute-acme/jack.jones@example.com/secprotocol1",
  "uri": "https://api-z999.compute.us0.oraclecloud.com:443/network/v1/secprotocol/Compute-acme/jack.jones@example.com/secprotocol1",
  "description": "Updating sample security protocol",
  "tags": [],
  "ipProtocol": "udp",
  "srcPortSet": ["2010-2022"],
  "dstPortSet": ["2025-2030"]
}

security-protocol delete

Deletes the specified security protocol used in IP networks. No response is returned.

Ensure that the security protocol is not being used before deleting it.

Required Role

To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.

Syntax

opc compute security-protocol delete name

Example

opc compute security-protocol delete /Compute-acme/jack.jones@example.com/secprotocol1