How To Assign an IP to an ACL

In this example we will assign a new IP/web address to an ACL that already exists. First, let's see what is on the list by running the following query:

PAYP*ANTO> COLUMN ACL FORMAT A50
PAYP*ANTO> COLUMN HOST FORMAT A50
PAYP*ANTO> SELECT ACL, HOST, LOWER_PORT, UPPER_PORT FROM DBA_NETWORK_ACLS;

ACL                                          HOST                                               LOWER_PORT UPPER_PORT
____________________________________________ __________________________________________________ __________ __________
/sys/acls/visa_acl.xml                       10.300.202.25                                      ø          ø
/sys/acls/visa_acl.xml                       10.300.202.46                                      ø          ø
/sys/acls/visa_acl.xml                       10.300.202.47                                      ø          ø
/sys/acls/visa_acl.xml                       10.300.202.81                                      ø          ø

4 filas seleccionadas.

In this case it returned four addresses. Now let's allow the IP 10.300.202.95. For this we'll use the ASSIGN_ACL procedure of the DBMS_NETWORK_ACL_ADMIN package, as shown in the following example:

BEGIN
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL (
    acl         => 'visa_acl.xml',
    host        => '10.300.202.95',
    lower_port  => NULL,
    upper_port  => NULL);

  COMMIT;
END;
/

There is no restriction on ports, so we set lower_port and upper_port to NULL. Rerun the query from above:

PAYP*ANTO> SELECT ACL, HOST, LOWER_PORT, UPPER_PORT FROM DBA_NETWORK_ACLS;

ACL                                          HOST                                               LOWER_PORT UPPER_PORT
____________________________________________ __________________________________________________ __________ __________
/sys/acls/visa_acl.xml                       10.300.202.95                                      ø          ø
/sys/acls/visa_acl.xml                       10.300.202.25                                      ø          ø
/sys/acls/visa_acl.xml                       10.300.202.46                                      ø          ø
/sys/acls/visa_acl.xml                       10.300.202.47                                      ø          ø
/sys/acls/visa_acl.xml                       10.300.202.81                                      ø          ø

5 filas seleccionadas.
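
Because the host was assigned with NULL ports, it is worth checking who can actually reach it. The following is an added example, not part of the original post: it lists each host in the ACL with its port scope and the principals holding privileges, then checks one user's effective privilege. It assumes a DBA session and the DBA_NETWORK_ACL_PRIVILEGES view; APP_USER is a placeholder account name.

```sql
-- Added example: review what the ACL assignment opens up.
COLUMN HOST       FORMAT A20
COLUMN PORT_SCOPE FORMAT A15
COLUMN PRINCIPAL  FORMAT A20
COLUMN PRIVILEGE  FORMAT A10

-- One row per (host, principal, privilege) in the ACL.
-- NULL lower_port/upper_port means the assignment covers every port.
SELECT a.host,
       CASE
         WHEN a.lower_port IS NULL AND a.upper_port IS NULL THEN 'ALL PORTS'
         ELSE a.lower_port || '-' || a.upper_port
       END AS port_scope,
       p.principal,
       p.privilege,
       p.is_grant
FROM   dba_network_acls a
       JOIN dba_network_acl_privileges p ON p.acl = a.acl
WHERE  a.acl = '/sys/acls/visa_acl.xml'
ORDER  BY a.host, p.principal, p.privilege;

-- Effective 'connect' privilege for one account in this ACL.
-- APP_USER is a placeholder; CHECK_PRIVILEGE returns 1 (granted),
-- 0 (denied) or NULL (neither granted nor denied).
SELECT DECODE(
         DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE('visa_acl.xml', 'APP_USER', 'connect'),
         1, 'GRANTED',
         0, 'DENIED',
         'NOT SET') AS connect_priv
FROM   dual;
```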

 

To delete an ACL entry, use the UNASSIGN_ACL procedure of the DBMS_NETWORK_ACL_ADMIN package, as shown below:

BEGIN
  DBMS_NETWORK_ACL_ADMIN.UNASSIGN_ACL(acl => 'visa_acl.xml',host => '10.300.230.31');
END;
/
COMMIT;

HTH – Antonio NAVARRO
