Oracle Listener Security New ORACLE 12.2 Firewall Feature
Service-Level ALCs is a new feature of the 12.2 Listener that allows every database service to have its own ACL. The ACL must be based on IP addresses and this feature allows multitenant pluggable databases (PDBs) to each have an ACL enforced by the Listener. This is because each PDB is a unique service registered in the Listener.
To implement this feature a new parameter FIREWALL must be used and has the following options:
- (FIREWALL=ON) - This enables strict ACL validation (whitelist-based approach) of all connections based on the ACLs. If no ACLs are configured for a service, all connections are rejected.
- FIREWALL is not set (defined for service) – This is a mixed mode. If an ACL is configured for a service, it will be enforced. If no ACL is defined, all connections will be accepted.
- (FIREWALL=OFF) No validation (No ACLs enforced) and all connections are accepted
For more information refer to: http://docs.oracle.com/database/122/NETAG/configuring-and-administering-oracle-net-listener.htm#NETAG0102
If you have questions, please contact us at firstname.lastname@example.org
-Michael Miller, CISSP-ISSMP, CCSP, CCSK