CreateSecurityList
/20160918/securityLists
You may optionally specify a display name for the security list. If you do not, a default display name is provided. The display name does not need to be unique, and you can change it. Avoid entering confidential information.
Request
- application/json
-
opc-retry-token: string
Minimum Length:
1
Maximum Length:64
A token that uniquely identifies a request so it can be retried in case of a timeout or server error without risk of executing that same action again. Retry tokens expire after 24 hours, but can be invalidated before then due to conflicting operations (for example, if a resource has been deleted and purged from the system, then a retry of the original creation request may be rejected).
object
-
compartmentId(required):
string
Minimum Length:
1
Maximum Length:255
The OCID of the compartment to contain the security list. -
definedTags:
object definedTags
Additional Properties Allowed: additionalPropertiesDefined tags for this resource. Each key is predefined and scoped to a namespace.
-
displayName:
string
Minimum Length:
1
Maximum Length:255
A user-friendly name. Does not need to be unique, and it is changeable. Avoid entering confidential information. -
egressSecurityRules(required):
array egressSecurityRules
Rules for allowing egress IP packets.
-
freeformTags:
object freeformTags
Additional Properties Allowed: additionalPropertiesFree-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. Example: {"Department": "Finance"}
-
ingressSecurityRules(required):
array ingressSecurityRules
Rules for allowing ingress IP packets.
-
vcnId(required):
string
Minimum Length:
1
Maximum Length:255
The OCID of the VCN the security list belongs to.
object
-
object additionalProperties
Additional Properties Allowed: additionalPropertiesKey-value pair representing a defined tag key and value, scoped to a namespace.
array
-
Array of:
object EgressSecurityRule
A rule for allowing outbound IP packets.
object
array
-
Array of:
object IngressSecurityRule
A rule for allowing inbound IP packets.
object
-
object additionalProperties
The value of the tag. Only the String type is supported.
object
object
-
description:
string
Minimum Length:
1
Maximum Length:255
An optional description of your choice for the rule. -
destination(required):
string
This is the range of IP addresses that a packet originating from the instance can go to. The following values are allowed:
- An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56
- The cidrBlock value for a Service, if you're setting up a security rule for traffic destined for a particular Service through a service gateway.
-
destinationType:
string
Default Value:
CIDR_BLOCK
Allowed Values:[ "CIDR_BLOCK", "SERVICE_CIDR_BLOCK" ]
Type of destination for the rule. The default value is CIDR_BLOCK. The following values are allowed:- CIDR_BLOCK: If the rule's destination is an IP address range in CIDR notation.
- SERVICE_CIDR_BLOCK: If the rule's destination is the cidrBlock value for a Service (the rule is for traffic destined for a particular Service through a service gateway).
-
icmpOptions:
object IcmpOptions
Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in: - [ICMP Parameters](http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml) - [ICMPv6 Parameters](https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml) If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security list rule for each.
-
isStateless:
boolean
A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
-
protocol(required):
string
The transport protocol. Specify either all or an IPv4 protocol number as defined in [Protocol Numbers](http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
-
tcpOptions:
object TcpOptions
Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
-
udpOptions:
object UdpOptions
Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
object
-
code:
integer
Minimum Value:
0
Maximum Value:16
The ICMP code (optional). -
type(required):
integer
Minimum Value:
0
Maximum Value:254
The ICMP type.
object
object
object
-
max(required):
integer
Minimum Value:
1
Maximum Value:65535
The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value. -
min(required):
integer
Minimum Value:
1
Maximum Value:65535
The minimum port number, which must not be greater than the maximum port number.
object
-
description:
string
Minimum Length:
1
Maximum Length:255
An optional description of your choice for the rule. -
icmpOptions:
object IcmpOptions
Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in: - [ICMP Parameters](http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml) - [ICMPv6 Parameters](https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml) If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security list rule for each.
-
isStateless:
boolean
A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if ingress traffic allows TCP destination port 80, there should be an egress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
-
protocol(required):
string
The transport protocol. Specify either all or an IPv4 protocol number as defined in [Protocol Numbers](http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
-
source(required):
string
This is the range of IP addresses that a packet coming into the instance can come from. The following values are allowed:
- An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56
- The cidrBlock value for a Service, if you're setting up a security list rule for traffic coming from a particular Service through a service gateway.
-
sourceType:
string
Default Value:
CIDR_BLOCK
Allowed Values:[ "CIDR_BLOCK", "SERVICE_CIDR_BLOCK" ]
Type of source for the rule. The default is CIDR_BLOCK.- CIDR_BLOCK: If the rule's source is an IP address range in CIDR notation.
- SERVICE_CIDR_BLOCK: If the rule's source is the cidrBlock value for a Service (the rule is for traffic coming from a particular Service through a service gateway).
-
tcpOptions:
object TcpOptions
Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
-
udpOptions:
object UdpOptions
Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
Response
- application/json
200 Response
-
etag: string
For optimistic concurrency control. See if-match.
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. Provide this request OCID if you need to contact Oracle about this request.
object
Note: Compare security lists to NetworkSecurityGroups, which let you apply a set of security rules to a specific set of VNICs instead of an entire subnet. Oracle recommends using network security groups instead of security lists, although you can use either or both together.
Important: Private Cloud Appliance Compute service images automatically include firewall rules (for example, Linux iptables, Windows firewall). If there are issues with some type of access to an instance, make sure both the security lists associated with the instance's subnet and the instance's firewall rules are set correctly. To use any of the API operations, you must be authorized in an IAM policy.
-
compartmentId(required):
string
Minimum Length:
1
Maximum Length:255
The OCID of the compartment containing the security list. -
definedTags:
object definedTags
Additional Properties Allowed: additionalPropertiesDefined tags for this resource. Each key is predefined and scoped to a namespace.
-
displayName(required):
string
Minimum Length:
1
Maximum Length:255
A user-friendly name. Does not need to be unique, and it is changeable. Avoid entering confidential information. -
egressSecurityRules(required):
array egressSecurityRules
Rules for allowing egress IP packets.
-
freeformTags:
object freeformTags
Additional Properties Allowed: additionalPropertiesFree-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. Example: {"Department": "Finance"}
-
id(required):
string
Minimum Length:
1
Maximum Length:255
The security list's OCID. -
ingressSecurityRules(required):
array ingressSecurityRules
Rules for allowing ingress IP packets.
-
lifecycleState(required):
string
Allowed Values:
[ "PROVISIONING", "AVAILABLE", "TERMINATING", "TERMINATED" ]
The security list's current state. -
timeCreated(required):
string(date-time)
The date and time the security list was created, in the format defined by [RFC3339](https://tools.ietf.org/html/rfc3339). Example: 2016-08-25T21:10:29.600Z
-
vcnId(required):
string
Minimum Length:
1
Maximum Length:255
The OCID of the VCN the security list belongs to.
object
-
object additionalProperties
Additional Properties Allowed: additionalPropertiesKey-value pair representing a defined tag key and value, scoped to a namespace.
array
-
Array of:
object EgressSecurityRule
A rule for allowing outbound IP packets.
object
array
-
Array of:
object IngressSecurityRule
A rule for allowing inbound IP packets.
object
-
object additionalProperties
The value of the tag. Only the String type is supported.
object
object
-
description:
string
Minimum Length:
1
Maximum Length:255
An optional description of your choice for the rule. -
destination(required):
string
This is the range of IP addresses that a packet originating from the instance can go to. The following values are allowed:
- An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56
- The cidrBlock value for a Service, if you're setting up a security rule for traffic destined for a particular Service through a service gateway.
-
destinationType:
string
Default Value:
CIDR_BLOCK
Allowed Values:[ "CIDR_BLOCK", "SERVICE_CIDR_BLOCK" ]
Type of destination for the rule. The default value is CIDR_BLOCK. The following values are allowed:- CIDR_BLOCK: If the rule's destination is an IP address range in CIDR notation.
- SERVICE_CIDR_BLOCK: If the rule's destination is the cidrBlock value for a Service (the rule is for traffic destined for a particular Service through a service gateway).
-
icmpOptions:
object IcmpOptions
Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in: - [ICMP Parameters](http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml) - [ICMPv6 Parameters](https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml) If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security list rule for each.
-
isStateless:
boolean
A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
-
protocol(required):
string
The transport protocol. Specify either all or an IPv4 protocol number as defined in [Protocol Numbers](http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
-
tcpOptions:
object TcpOptions
Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
-
udpOptions:
object UdpOptions
Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
object
-
code:
integer
Minimum Value:
0
Maximum Value:16
The ICMP code (optional). -
type(required):
integer
Minimum Value:
0
Maximum Value:254
The ICMP type.
object
object
object
-
max(required):
integer
Minimum Value:
1
Maximum Value:65535
The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value. -
min(required):
integer
Minimum Value:
1
Maximum Value:65535
The minimum port number, which must not be greater than the maximum port number.
object
-
description:
string
Minimum Length:
1
Maximum Length:255
An optional description of your choice for the rule. -
icmpOptions:
object IcmpOptions
Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in: - [ICMP Parameters](http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml) - [ICMPv6 Parameters](https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml) If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security list rule for each.
-
isStateless:
boolean
A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if ingress traffic allows TCP destination port 80, there should be an egress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
-
protocol(required):
string
The transport protocol. Specify either all or an IPv4 protocol number as defined in [Protocol Numbers](http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
-
source(required):
string
This is the range of IP addresses that a packet coming into the instance can come from. The following values are allowed:
- An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56
- The cidrBlock value for a Service, if you're setting up a security list rule for traffic coming from a particular Service through a service gateway.
-
sourceType:
string
Default Value:
CIDR_BLOCK
Allowed Values:[ "CIDR_BLOCK", "SERVICE_CIDR_BLOCK" ]
Type of source for the rule. The default is CIDR_BLOCK.- CIDR_BLOCK: If the rule's source is an IP address range in CIDR notation.
- SERVICE_CIDR_BLOCK: If the rule's source is the cidrBlock value for a Service (the rule is for traffic coming from a particular Service through a service gateway).
-
tcpOptions:
object TcpOptions
Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
-
udpOptions:
object UdpOptions
Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
400 Response
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. Provide this request OCID if you need to contact Oracle about this request.
object
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing..Example:
UnknownError
-
message(required):
string
A human-readable error string.Example:
error validating payload
401 Response
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. Provide this request OCID if you need to contact Oracle about this request.
object
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing..Example:
UnknownError
-
message(required):
string
A human-readable error string.Example:
error validating payload
404 Response
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. Provide this request OCID if you need to contact Oracle about this request.
object
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing..Example:
UnknownError
-
message(required):
string
A human-readable error string.Example:
error validating payload
409 Response
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. Provide this request OCID if you need to contact Oracle about this request.
object
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing..Example:
UnknownError
-
message(required):
string
A human-readable error string.Example:
error validating payload
500 Response
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. Provide this request OCID if you need to contact Oracle about this request.
object
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing..Example:
UnknownError
-
message(required):
string
A human-readable error string.Example:
error validating payload
Default Response
-
opc-request-id: string
Unique Oracle-assigned identifier for the request. Provide this request OCID if you need to contact Oracle about this request.
object
-
code(required):
string
A short error code that defines the error, meant for programmatic parsing..Example:
UnknownError
-
message(required):
string
A human-readable error string.Example:
error validating payload