Default network security lists should restrict all non-ICMP traffic
Description
Security lists provide stateful and stateless filtering of ingress and egress network traffic to OCI resources on a subnet level. Default security lists should restrict all non-ICMP traffic from 0.0.0.0/0 (IPv4) and ::/0 (IPv6) to prevent unauthorized access. This rule specifically targets default security lists and ensures they do not allow unrestricted ingress from any IP address (0.0.0.0/0 or ::/0) for non-ICMP protocols, nor allow unrestricted egress to any destination (0.0.0.0/0 or ::/0) for all protocols. Non-default security lists are automatically skipped from this evaluation.
Remediation
Remove or modify ingress security rules in default security lists that allow non-ICMP traffic from 0.0.0.0/0 (IPv4) or ::/0 (IPv6). Remove or modify egress security rules that allow traffic to 0.0.0.0/0 (IPv4) or ::/0 (IPv6). Instead, restrict access to specific IP ranges or use VPN connections. For guidance on configuring network security lists, refer to the Updating Rules in a Security List section of the Oracle Cloud Infrastructure documentation.
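To check a security list against this rule before and after remediation, the following added example (not the rule's own implementation) applies the logic described above to security list JSON shaped like OCI CLI output. It assumes that ICMPv6 (protocol 58) counts as ICMP, that an egress rule fails only when its protocol is "all", and that the default list is identified by the VCN's default-security-list-id; the OCIDs and rules are constructed sample data.

```python
import ipaddress

ICMP_PROTOCOLS = {"1", "58"}  # IANA numbers for ICMP and ICMPv6 (assumption: both count as ICMP)

def is_any_address(cidr):
    """True for 0.0.0.0/0, ::/0 and equivalent spellings of a zero-length prefix."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:  # not an IP range, e.g. a service CIDR label
        return False

def evaluate(security_list, vcn):
    """Return (status, findings); status is 'skip', 'pass' or 'fail'."""
    # Only the VCN's default security list is in scope for this rule.
    if security_list["id"] != vcn["default-security-list-id"]:
        return "skip", []
    findings = []
    for rule in security_list.get("ingress-security-rules", []):
        if is_any_address(rule["source"]) and rule["protocol"] not in ICMP_PROTOCOLS:
            findings.append(("ingress", rule["source"], rule["protocol"]))
    for rule in security_list.get("egress-security-rules", []):
        # Assumed reading of the rule text: egress fails when protocol is "all".
        if is_any_address(rule["destination"]) and rule["protocol"] == "all":
            findings.append(("egress", rule["destination"], rule["protocol"]))
    return ("fail" if findings else "pass"), findings

# Constructed sample data: placeholder OCIDs and documentation address ranges.
VCN = {"default-security-list-id": "ocid1.securitylist.oc1..example-default"}
DEFAULT_OPEN = {
    "id": "ocid1.securitylist.oc1..example-default",
    "ingress-security-rules": [
        {"protocol": "6", "source": "0.0.0.0/0"},           # TCP from anywhere: finding
        {"protocol": "1", "source": "0.0.0.0/0"},           # ICMP from anywhere: allowed
        {"protocol": "17", "source": "0:0:0:0:0:0:0:0/0"},  # UDP, ::/0 spelled out: finding
    ],
    "egress-security-rules": [{"protocol": "all", "destination": "0.0.0.0/0"}],
}
DEFAULT_RESTRICTED = {
    "id": "ocid1.securitylist.oc1..example-default",
    "ingress-security-rules": [
        {"protocol": "6", "source": "203.0.113.0/24"},
        {"protocol": "58", "source": "::/0"},
    ],
    "egress-security-rules": [{"protocol": "all", "destination": "10.0.0.0/16"}],
}
CUSTOM_OPEN = {"id": "ocid1.securitylist.oc1..example-custom",
               "ingress-security-rules": [{"protocol": "all", "source": "0.0.0.0/0"}]}
```

Comparing CIDRs by prefix length rather than by string catches alternative spellings of ::/0 that an exact match on "::/0" would miss.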