Creating an Address List

Create a list of IPv4, IPv6 or FQDN addresses you can use to build rules in a Network Firewall policy.

Before you can create an address list in a policy, you must first create a policy.

You can specify individual IPv4 or IPv6 IP addresses, or use CIDR blocks in an IP address list. Each address is entered on its own line within the list.

Note

FQDN  addresses are only available for specific use cases. To use FQDN addresses for address lists, Create a service request.

Each address list can contain a maximum of 1,000 addresses. You can create a maximum of 20,000 IP address lists and 2,000 FQDN address lists in a policy. See Creating Network Firewall Policy Components for more information.

You can create address lists one at a time using the following instructions, or you can import many at once using a .json file. See Bulk Importing Network Firewall Policy Components more information.

    1. Open the navigation menu and click Identity & Security. Under Firewalls, click Network Firewall Policies.
    2. Click on a policy in the list.
    3. In Policy resources, click on Address lists.
    4. Click Create address list.
    5. Enter a friendly name for the address list. Avoid entering confidential information.
    6. Choose an Address type. An IP address list can use IPv4 or IPv6 addresses or CIDR blocks. An FQDN uses fully-qualified domain name (FQDN) addresses. You can't mix IP addresses and FQDN addresses in the same list.
    7. Enter a maximum of 1,000 addresses, one on each line.
    8. Click Create address list.
  • Use the network-firewall address-list create command and required parameters to create an address list:

    oci network-firewall address-list create 
    --network-firewall-policy-id network firewall policy OCID --compartment-id compartment OCID
    --total-addresses integer --addresses '["address_1", "address_2"]' [OPTIONS]

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the CreateAddressList operation to create an address list.