1. REST API for Oracle Private Cloud Appliance Compute Enclave
  2. Tasks
  3. Networking
  4. Security Lists

Get a Security List

get

/20160918/securityLists/{security_list_id}

Get the specified security list's information.

Request

Supported Media Types
Path Parameters
Back to Top

Response

Supported Media Types

200 Response

The security list was retrieved.
Headers
  • For optimistic concurrency control. See `if-match`.
  • Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
Body ()
Root Schema : SecurityList
Type: object
A set of virtual firewall rules for your VCN. Security lists are configured at the subnet level, but the rules are applied to the ingress and egress traffic for the individual instances in the subnet. The rules can be stateful or stateless.

Note: Compare security lists to NetworkSecurityGroups, which let you apply a set of security rules to a specific set of VNICs instead of an entire subnet. Oracle recommends using network security groups instead of security lists, although you can use either or both together.

Important: Private Cloud Appliance Compute service images automatically include firewall rules (for example, Linux iptables, Windows firewall). If there are issues with some type of access to an instance, make sure both the security lists associated with the instance's subnet and the instance's firewall rules are set correctly. To use any of the API operations, you must be authorized in an IAM policy.

Show Source
Nested Schema : definedTags
Type: object
Additional Properties Allowed
Show Source
Defined tags for this resource. Each key is predefined and scoped to a namespace.
Nested Schema : egressSecurityRules
Type: array
Rules for allowing egress IP packets.
Show Source
Nested Schema : freeformTags
Type: object
Additional Properties Allowed
Show Source
Free-form tags for this resource. Each tag is a simple key-value pair with no predefined name, type, or namespace. Example: {"Department": "Finance"}
Nested Schema : ingressSecurityRules
Type: array
Rules for allowing ingress IP packets.
Show Source
Nested Schema : additionalProperties
Type: object
Additional Properties Allowed
Show Source
Key-value pair representing a defined tag key and value, scoped to a namespace. Example: `{"CostCenter": "42"}`
Nested Schema : additionalProperties
Type: object
The value of the tag. Only the String type is supported.
Nested Schema : EgressSecurityRule
Type: object
A rule for allowing outbound IP packets.
Show Source
  • Minimum Length: 1
    Maximum Length: 255
    An optional description of your choice for the rule.
  • This is the range of IP addresses that a packet originating from the instance can go to. The following values are allowed:
  • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56
  • The cidrBlock value for a Service, if you're setting up a security rule for traffic destined for a particular Service through a service gateway.
  • Default Value: CIDR_BLOCK
    Allowed Values: [ "CIDR_BLOCK", "SERVICE_CIDR_BLOCK" ]
    Type of destination for the rule. The default value is CIDR_BLOCK. The following values are allowed:
  • CIDR_BLOCK: If the rule's destination is an IP address range in CIDR notation.
  • SERVICE_CIDR_BLOCK: If the rule's destination is the cidrBlock value for a Service (the rule is for traffic destined for a particular Service through a service gateway).
  • IcmpOptions
    Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in: - [ICMP Parameters](http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml) - [ICMPv6 Parameters](https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml) If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security list rule for each.
  • A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if egress traffic allows TCP destination port 80, there should be an ingress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
  • The transport protocol. Specify either all or an IPv4 protocol number as defined in [Protocol Numbers](http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
  • TcpOptions
    Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
  • UdpOptions
    Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
    • Nested Schema : IcmpOptions
    Type: object
    Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in: - [ICMP Parameters](http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml) - [ICMPv6 Parameters](https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml) If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security list rule for each.
    Show Source
    Nested Schema : TcpOptions
    Type: object
    Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
    Show Source
    Nested Schema : UdpOptions
    Type: object
    Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.
    Show Source
    Nested Schema : PortRange
    Type: object
    Show Source
    • Minimum Value: 1
      Maximum Value: 65535
      The maximum port number, which must not be less than the minimum port number. To specify a single port number, set both the min and max to the same value.
    • Minimum Value: 1
      Maximum Value: 65535
      The minimum port number, which must not be greater than the maximum port number.
    Nested Schema : IngressSecurityRule
    Type: object
    A rule for allowing inbound IP packets.
    Show Source
    • Minimum Length: 1
      Maximum Length: 255
      An optional description of your choice for the rule.
    • IcmpOptions
      Optional and valid only for ICMP and ICMPv6. Use to specify a particular ICMP type and code as defined in: - [ICMP Parameters](http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml) - [ICMPv6 Parameters](https://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml) If you specify ICMP or ICMPv6 as the protocol but omit this object, then all ICMP types and codes are allowed. If you do provide this object, the type is required and the code is optional. To enable MTU negotiation for ingress internet traffic via IPv4, make sure to allow type 3 ("Destination Unreachable") code 4 ("Fragmentation Needed and Don't Fragment was Set"). If you need to specify multiple codes for a single type, create a separate security list rule for each.
    • A stateless rule allows traffic in one direction. Remember to add a corresponding stateless rule in the other direction if you need to support bidirectional traffic. For example, if ingress traffic allows TCP destination port 80, there should be an egress rule to allow TCP source port 80. Defaults to false, which means the rule is stateful and a corresponding rule is not necessary for bidirectional traffic.
    • The transport protocol. Specify either all or an IPv4 protocol number as defined in [Protocol Numbers](http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml). Options are supported only for ICMP ("1"), TCP ("6"), UDP ("17"), and ICMPv6 ("58").
    • This is the range of IP addresses that a packet coming into the instance can come from. The following values are allowed:
    • An IP address range in CIDR notation. For example: 192.168.1.0/24 or 2001:0db8:0123:45::/56
    • The cidrBlock value for a Service, if you're setting up a security list rule for traffic coming from a particular Service through a service gateway.
  • Default Value: CIDR_BLOCK
    Allowed Values: [ "CIDR_BLOCK", "SERVICE_CIDR_BLOCK" ]
    Type of source for the rule. The default is CIDR_BLOCK.
  • CIDR_BLOCK: If the rule's source is an IP address range in CIDR notation.
  • SERVICE_CIDR_BLOCK: If the rule's source is the cidrBlock value for a Service (the rule is for traffic coming from a particular Service through a service gateway).
  • TcpOptions
    Optional and valid only for TCP. Use to specify particular destination ports for TCP rules. If you specify TCP as the protocol but omit this object, then all destination ports are allowed.
  • UdpOptions
    Optional and valid only for UDP. Use to specify particular destination ports for UDP rules. If you specify UDP as the protocol but omit this object, then all destination ports are allowed.

    • 401 Response

    Unauthorized
    Headers
    • Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
    Body ()
    Root Schema : Error
    Type: object
    The properties that define an error.
    Show Source
    • A short error code that defines the error, meant for programmatic parsing. See [API Errors](https://docs.us-phoenix-1.oraclecloud.com/Content/API/References/apierrors.htm).
    • A human-readable error string.

    404 Response

    Not Found
    Headers
    • Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
    Body ()
    Root Schema : Error
    Type: object
    The properties that define an error.
    Show Source
    • A short error code that defines the error, meant for programmatic parsing. See [API Errors](https://docs.us-phoenix-1.oraclecloud.com/Content/API/References/apierrors.htm).
    • A human-readable error string.

    500 Response

    Internal Server Error
    Headers
    • Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
    Body ()
    Root Schema : Error
    Type: object
    The properties that define an error.
    Show Source
    • A short error code that defines the error, meant for programmatic parsing. See [API Errors](https://docs.us-phoenix-1.oraclecloud.com/Content/API/References/apierrors.htm).
    • A human-readable error string.

    Default Response

    An error has occurred.
    Headers
    • Unique Oracle-assigned identifier for the request. If you need to contact Oracle about a particular request, please provide the request ID.
    Body ()
    Root Schema : Error
    Type: object
    The properties that define an error.
    Show Source
    • A short error code that defines the error, meant for programmatic parsing. See [API Errors](https://docs.us-phoenix-1.oraclecloud.com/Content/API/References/apierrors.htm).
    • A human-readable error string.
    Back to Top