System Access Control
You can configure a system access control list (ACL) for your Oracle Communications Session Border Controller that determines what traffic the Oracle Communications Session Border Controller allows over its management interface (wancom0). By specifying who has access to the Oracle Communications Session Border Controller via the management interface, you can provide DoS protection for this interface.
Using a list of IP addresses and subnets that are allowable as packet sources, you can configure what traffic the Oracle Communications Session Border Controller accepts and what it denies. All IP packets arriving on the management interface are subject to the system ACL; if a packet does not match your system ACL configuration, the Oracle Communications Session Border Controller drops it.
Note:
All IP addresses configured in the SNMP community table are automatically permitted.
Adding an ACL for the Management Interface
The new subconfiguration system-access-list is now part of the system configuration, and its model is similar to host routes. For each entry, you must define an IP destination address and mask; you can specify either the individual host or a unique subnet.
If you do not configure this list, then there will be no ACL/DoS protection for the Oracle Communications Session Border Controller’s management interface.
You access the system-access-list via the system path, where you set an IP address and netmask. You can configure multiple system ACLs using this configuration.
To add an ACL for the management interface:
Notes on Deleting System ACLs
If you delete a system ACL from your configuration, the Oracle Communications Session Border Controller checks whether any active SFTP or SSH client that was granted access by that entry is connected at the time the entry is removed. If such a client is active during ACL removal, the Oracle Communications Session Border Controller warns you about the condition and asks you to confirm the deletion. If you confirm the deletion, then the Oracle Communications Session Border Controller’s session with the active client is suspended.
The following example shows you how the warning message and confirmation appear. For this example, an ACL has been deleted, and the user is activating the configuration that reflects the change.
ORACLE # activate-config
Object deleted will cause service disruption:
system-access-list: identifier=172.30.0.24
** WARNING: Removal of this system-ACL entry will result
in the lockout of a current SFTP client
Changes could affect service, continue (y/n) y
Activate-Config received, processing.
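The lockout condition behind this warning can be checked before a change is activated. The following Python sketch is an added example, not Oracle code: it models system-access-list entries as address/netmask pairs and reports which active management sessions a deletion would cut off. The session list, the 10.0.0.0 entry, the SNMP host parameter and all function names are constructed for illustration, and an empty list is assumed to mean no filtering, following the statement above that an unconfigured list gives no ACL protection.

```python
import ipaddress

def permitted(src, acl, snmp_hosts=()):
    """Return True if a packet from src would be accepted on the management interface.

    acl is a list of (address, netmask) pairs modelled on system-access-list
    entries. snmp_hosts stands in for the SNMP community table, whose
    addresses are automatically permitted.
    """
    ip = ipaddress.ip_address(src)
    if not acl:
        # Assumption: no entries configured means no system ACL, so nothing is dropped.
        return True
    if any(ip == ipaddress.ip_address(h) for h in snmp_hosts):
        return True
    for address, netmask in acl:
        # strict=False accepts an entry whose address has host bits set.
        net = ipaddress.ip_network(f"{address}/{netmask}", strict=False)
        if ip in net:
            return True
    return False

def locked_out(sessions, acl_before, acl_after, snmp_hosts=()):
    """Return the active sessions that are permitted now but dropped after the change."""
    return [
        s for s in sessions
        if permitted(s["src"], acl_before, snmp_hosts)
        and not permitted(s["src"], acl_after, snmp_hosts)
    ]

# Constructed sample data; 172.30.0.24 is the identifier shown in the warning above.
ACL_BEFORE = [("172.30.0.24", "255.255.255.255"), ("10.0.0.0", "255.255.255.0")]
ACL_AFTER = [("10.0.0.0", "255.255.255.0")]   # the 172.30.0.24 entry deleted
SESSIONS = [
    {"proto": "SFTP", "src": "172.30.0.24"},
    {"proto": "SSH", "src": "10.0.0.15"},
]

if __name__ == "__main__":
    for s in locked_out(SESSIONS, ACL_BEFORE, ACL_AFTER):
        print(f"{s['proto']} client {s['src']} would be locked out")
    if not ACL_AFTER:
        print("No entries left: the management interface would be unfiltered")
```

Deleting the last remaining entry produces no lockout in this model but leaves the management interface without ACL protection, which is why the script flags an empty resulting list separately.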