37 Security Protocol for IP Network
A security protocol allows you to specify a transport protocol and the source and destination ports to be used with the specified protocol. It is used for matching packets in a security rule. When you create a security rule, the protocols and ports of the specified security protocols are used to determine the type of traffic that is permitted by that security rule. If you don't specify protocols and ports in a security protocol, traffic is permitted over all protocols and ports.
You can specify a security protocol in multiple security rules. So if you have a protocol that you want to use in a number of security rules, you don't have to create the protocol multiple times.
Before running the CLI commands described in this section, make sure that you've installed the CLI client and set up the required environment variables as described in Preparing to Use the CLI.
security-protocol add
Creates a security protocol for IP Networks. A security protocol allows you to specify a transport protocol and the source and destination ports to be used with the specified protocol. When you create a security rule, the protocols and ports of the specified security protocols are used to determine the type of traffic that is permitted by that security rule. If you don't specify protocols and ports in a security protocol, traffic is permitted over all protocols and ports.
Required Role
To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Syntax
opc compute security-protocol add name [--description description] [--tags tags] [--ip-protocol protocol] [--dst-port-set port-numbers] [--src-port-set port-numbers]
Example
opc -f json compute security-protocol add /Compute-acme/jack.jones@example.com/secprotocol1 --description 'Sample security protocol' --ip-protocol tcp --dst-port-set "2018-2040" --src-port-set "1018-1040"
Sample Output
{
  "description": "Sample security protocol",
  "uri": "https://api-z999.compute.us0.oraclecloud.com/network/v1/secprotocol/Compute-acme/jack.jones@example.com/secprotocol1",
  "ipProtocol": "tcp",
  "srcPortSet": ["1018-1040"],
  "dstPortSet": ["2018-2040"],
  "tags": [],
  "name": "/Compute-acme/jack.jones@example.com/secprotocol1"
}
security-protocol list
Retrieve details of all security protocols in the specified container. This request is for security protocols used in IP networks.
Required Role
To complete this task, you must have the Compute_Monitor or Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Syntax
opc compute security-protocol list container
Example
opc -f json compute security-protocol list /Compute-acme/jack.jones@example.com
Sample Output
{
  "result": [
    {
      "name": "/Compute-acme/jack.jones@example.com/secprotocol1",
      "uri": "https://api-z999.compute.us0.oraclecloud.com:443/network/v1/secprotocol/Compute-acme/jack.jones@example.com/secprotocol1",
      "description": "sample security protocol",
      "tags": [],
      "ipProtocol": "tcp",
      "srcPortSet": ["2010-2022"],
      "dstPortSet": ["2025-2030"]
    },
    {
      "name": "/Compute-acme/jack.jones@example.com/secprotocol2",
      "uri": "https://api-z999.compute.us0.oraclecloud.com:443/network/v1/secprotocol/Compute-acme/jack.jones@example.com/secprotocol2",
      "description": "Sample security protocol 2",
      "tags": [],
      "ipProtocol": "tcp",
      "srcPortSet": ["2036-2042"],
      "dstPortSet": ["2045-2050"]
    }
  ]
}
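Because a security protocol with no protocol or ports permits traffic over all protocols and ports, the list output is worth auditing for entries that match more than intended. The following Python script is an added example, not part of the Oracle documentation or the opc CLI. It assumes an unset protocol appears as a missing field or "all" and an unset port set as a missing field or an empty list; the entries any-tcp, wide-open and broad-range and the 1024-port threshold are constructed for illustration.

```python
import json

# Constructed sample in the shape of `opc -f json compute security-protocol list`
# output; the last three entries are illustrative, not from a real account.
SAMPLE = """
{"result": [
  {"name": "/Compute-acme/jack.jones@example.com/secprotocol1",
   "ipProtocol": "tcp", "srcPortSet": ["1018-1040"], "dstPortSet": ["2018-2040"]},
  {"name": "/Compute-acme/jack.jones@example.com/any-tcp",
   "ipProtocol": "tcp", "srcPortSet": [], "dstPortSet": []},
  {"name": "/Compute-acme/jack.jones@example.com/wide-open",
   "srcPortSet": [], "dstPortSet": []},
  {"name": "/Compute-acme/jack.jones@example.com/broad-range",
   "ipProtocol": "udp", "srcPortSet": [], "dstPortSet": ["1024-65535", "53"]}
]}
"""

def port_count(port_set):
    """Number of distinct ports covered by entries such as "53" or "2018-2040"."""
    ports = set()
    for entry in port_set:
        low, _, high = str(entry).partition("-")
        ports.update(range(int(low), int(high or low) + 1))
    return len(ports)

def audit(list_json, max_dst_ports=1024):
    """Return {name: [findings]} for security protocols that match broadly."""
    findings = {}
    for proto in json.loads(list_json).get("result", []):
        notes = []
        # Assumption: an unset protocol appears as a missing/empty field or "all".
        ip = (proto.get("ipProtocol") or "all").lower()
        if ip == "all":
            notes.append("no ip-protocol restriction")
        dst = proto.get("dstPortSet") or []
        # Assumption: an unset port set appears as a missing field or [].
        if ip in ("all", "tcp", "udp") and not dst:
            notes.append("no dst-port-set restriction")
        elif dst and port_count(dst) > max_dst_ports:
            notes.append("dst-port-set covers %d ports" % port_count(dst))
        if notes:
            findings[proto["name"]] = notes
    return findings

if __name__ == "__main__":
    for name, notes in audit(SAMPLE).items():
        print(name + ": " + "; ".join(notes))
```

To audit a real container, pass the saved output of the list command to audit() in place of SAMPLE.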
security-protocol get
Retrieves details of the specified security protocol. This request is for security protocols used in IP networks.
You can use the get command to verify whether add and update operations were completed successfully.
Required Role
To complete this task, you must have the Compute_Monitor or Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Syntax
opc compute security-protocol get name
Example
opc -f json compute security-protocol get /Compute-acme/jack.jones@example.com/secprotocol1
Sample Output
{
  "description": "Sample security protocol",
  "uri": "https://api-z999.compute.us0.oraclecloud.com/network/v1/secprotocol/Compute-acme/jack.jones@example.com/secprotocol1",
  "ipProtocol": "tcp",
  "srcPortSet": ["1018-1040"],
  "dstPortSet": ["2018-2040"],
  "tags": [],
  "name": "/Compute-acme/jack.jones@example.com/secprotocol1"
}
security-protocol update
Update the specified security protocol for IP networks. You can update values of the description, ip-protocol, dst-port-set, src-port-set, and tags parameters of a security protocol.
Required Role
To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Syntax
opc compute security-protocol update name [--description description] [--tags tags] [--ip-protocol protocol] [--dst-port-set port-numbers] [--src-port-set port-numbers]
Example
The following example demonstrates how you can update values of the description, ip-protocol, dst-port-set, and src-port-set parameters of the /Compute-acme/jack.jones@example.com/secprotocol1 security protocol.
opc -f json compute security-protocol update /Compute-acme/jack.jones@example.com/secprotocol1 --description 'Updating sample security protocol' --ip-protocol udp --dst-port-set "2025-2030" --src-port-set "2010-2022"
Sample Output
{
  "name": "/Compute-acme/jack.jones@example.com/secprotocol1",
  "uri": "https://api-z999.compute.us0.oraclecloud.com:443/network/v1/secprotocol/Compute-acme/jack.jones@example.com/secprotocol1",
  "description": "Updating sample security protocol",
  "tags": [],
  "ipProtocol": "udp",
  "srcPortSet": ["2010-2022"],
  "dstPortSet": ["2025-2030"]
}
security-protocol delete
Deletes the specified security protocol used in IP networks. No response is returned.
Ensure that the security protocol is not being used before deleting it.
Required Role
To complete this task, you must have the Compute_Operations role. If this role isn’t assigned to you or you’re not sure, then ask your system administrator to ensure that the role is assigned to you in Oracle Cloud Infrastructure Classic Console. See Modifying User Roles in Managing and Monitoring Oracle Cloud.
Syntax
opc compute security-protocol delete name
Example
opc compute security-protocol delete /Compute-acme/jack.jones@example.com/secprotocol1