Changing the Default Oracle Enterprise Communications Broker Behavior

The Oracle Enterprise Communications Broker automatically creates permit untrusted ACLs that let all sources (address prefix of 0.0.0.0/0) reach each configured realm’s signaling interfaces, regardless of the realm’s address prefix. To deny sources or classify them as trusted, you create static or dynamic ACLs, and the global permit untrusted ACL to specifically deny sources or classify them as trusted. Doing this creates a default permit-all policy with specific deny and permit ACLs based on the realm address prefix.

You can change that behavior by configuring static ACLs for realms with the same source prefix as the realm’s address prefix; and with the trust level set to the same value as the realm. Doing this prevents the permit untrusted ACLs from being installed. You then have a default deny all ACL policy with specific static permit ACLs to allow packets into the system.