Managing Network Security Group Rules
On Compute Cloud@Customer, you can add, update, and remove NSG rules.
- In the Compute Cloud@Customer Console navigation menu, click Networking, then click Virtual Cloud Networks.
- At the top of the page, select the compartment that contains the VCN in which you want to create a subnet.
- Click the name of the VCN for which you want to manage rules in an NSG. The VCN details page is displayed.
- Under Resources, click Network Security Groups.
- In the list of NSGs, click the name of the NSG for which you want to manage rules. The NSG details page is displayed.
- Under Resources, click Security Rules.
- You can add, edit, and delete rules.
  - To add a rule, click Create Security Rules. To add one or more ingress rules, click +New Rule in the Allow Rules for Ingress box. To add one or more egress rules, click +New Rule in the Allow Rules for Egress box. Enter the following information:
    - Stateless: If you want the new rule to be stateless, check this box. By default, security list rules are stateful and apply to both a request and its coordinated response.
    - CIDR: The CIDR block for the ingress or egress traffic.
    - IP Protocol: The rule can apply to all IP protocols, or choices such as ICMP, TCP, or UDP. Select the protocol from the drop-down list.
    - Port Range: For some protocols, such as TCP or UDP, you can supply a source port range and destination port range.
    - Parameter Type and Code: For ICMP, you can select a parameter type and corresponding parameter code.
    - Description: An optional description of the rule. Avoid entering confidential information.
  - To edit a rule, click the Actions menu for the Egress or Ingress rule, click Edit, make the necessary changes, and then click Update.
  - To delete a rule, click the Actions menu for the Egress or Ingress rule, click Remove, and then click Confirm. While you're editing a rule, click the trash can icon to delete the rule.
Use these CLI commands to manage NSG rules:
- Use the oci network nsg rules add command and required parameters to add one or more security rules to the specified network security group.
    oci network nsg rules add [OPTIONS]
- Use the oci network nsg rules list command and required parameters to list the security rules in the specified network security group.
    oci network nsg rules list [OPTIONS]
- Use the oci network nsg rules update command and required parameters to update one or more security rules in the specified network security group.
    oci network nsg rules update [OPTIONS]
- Use the oci network nsg rules remove command and required parameters to remove one or more security rules from the specified network security group.
    oci network nsg rules remove [OPTIONS]
For a complete list of CLI commands, flags, and options, see the Command Line Reference.
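As an added example (not Oracle's code), here is a pre-flight lint in Python for the JSON rule array passed to oci network nsg rules add, checking the same fields the Console form collects. The --nsg-id and --security-rules options and the camelCase field names come from the OCI CLI and API references rather than this page, the sample rules are constructed, and the return-traffic check is a coarse match on protocol and CIDR only.

```python
import ipaddress
import json

# Constructed sample (not from the page): the JSON array you would save as rules.json and
# pass to: oci network nsg rules add --nsg-id <NSG_OCID> --security-rules file://rules.json
# Assumption: every rule uses a CIDR block as its source or destination, as on this page.
SAMPLE_RULES = json.loads("""[
 {"direction": "INGRESS", "protocol": "6", "source": "10.0.0.0/24", "sourceType": "CIDR_BLOCK",
  "isStateless": false, "description": "HTTPS from app subnet",
  "tcpOptions": {"destinationPortRange": {"min": 443, "max": 443}}},
 {"direction": "INGRESS", "protocol": "6", "source": "0.0.0.0/0", "sourceType": "CIDR_BLOCK",
  "isStateless": false, "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
 {"direction": "INGRESS", "protocol": "17", "source": "10.0.1.0/24", "sourceType": "CIDR_BLOCK",
  "isStateless": true, "udpOptions": {"destinationPortRange": {"min": 53, "max": 53}}},
 {"direction": "EGRESS", "protocol": "1", "destination": "10.0.2.0/24",
  "destinationType": "CIDR_BLOCK", "tcpOptions": {"destinationPortRange": {"min": 80, "max": 80}}}
]""")

OPTIONS_FOR = {"6": "tcpOptions", "17": "udpOptions", "1": "icmpOptions"}  # TCP, UDP, ICMP

def lint_rule(rule, all_rules):
    """Return review findings for one rule; an empty list means nothing to flag."""
    findings = []
    ingress = rule.get("direction") == "INGRESS"
    peer = rule.get("source" if ingress else "destination")
    try:
        net = ipaddress.ip_network(peer, strict=False)
    except (ValueError, TypeError):
        return [f"invalid CIDR {peer!r}"]
    proto = rule.get("protocol")
    for key in sorted(set(OPTIONS_FOR.values()) - {OPTIONS_FOR.get(proto)}):
        if key in rule:  # port ranges and ICMP type/code must match the IP protocol
            findings.append(f"{key} does not apply to protocol {proto}")
    if ingress and net.prefixlen == 0:
        findings.append("ingress allowed from any source address")
    if rule.get("isStateless"):
        # A stateless rule does not cover the response, so look for a stateless rule
        # in the opposite direction with the same protocol and peer CIDR.
        other = "destination" if ingress else "source"
        if not any(r.get("isStateless") and r.get("protocol") == proto
                   and r.get(other) == peer for r in all_rules):
            findings.append("stateless rule has no matching rule for return traffic")
    return findings

def lint(rules):
    """Map rule index -> findings, keeping only rules with at least one finding."""
    return {i: f for i, r in enumerate(rules) if (f := lint_rule(r, rules))}

if __name__ == "__main__":
    for index, findings in lint(SAMPLE_RULES).items():
        print(index, "; ".join(findings))
```

Run it against a rules file before the add or update command, and review any reported index by hand.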
- Use the AddNetworkSecurityGroupSecurityRules operation to add one or more security rules to the specified network security group.
- Use the ListNetworkSecurityGroupSecurityRules operation to list the security rules in the specified network security group.
- Use the UpdateNetworkSecurityGroupSecurityRules operation to update one or more security rules in the specified network security group.
- Use the RemoveNetworkSecurityGroupSecurityRules operation to remove one or more security rules from the specified network security group.
For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.