Creating a Security List
Create a security list in a Virtual Cloud Network (VCN).
A security list is a virtual firewall used to control traffic at the packet level. For important information about how security lists work, see Security Lists.
A security list uses security rules. For important information about how security rules work, and a general comparison of security lists and network security groups (an optional virtual firewall), see Security Rules.
When you create a subnet, you must associate at least one security list with it. It can be either the VCN's default security list or another security list that you already created (for the maximum number, see Service Limits). You can change which security lists the subnet uses at any time.
You can optionally assign a friendly name to the security list during creation. It doesn't have to be unique, and you can change it later. Oracle automatically assigns the security list a unique identifier called an Oracle Cloud ID (OCID). For more information, see Resource Identifiers.
The security list is created and then displayed on the Security Lists page in the compartment that you chose. You can now specify this security list when creating or updating a subnet.
When you view all the rules in a security list, notice that any stateless rules in the list are shown above any stateful rules. Stateless rules in the list take precedence over stateful rules. In other words, if there's traffic that matches both a stateless rule and a stateful rule across all the security lists associated with the subnet, the stateless rule takes precedence and the connection isn't tracked.
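To make the precedence rule above concrete, here is an added example (not Oracle's code) that models how ingress rules from every security list on a subnet combine into an allow decision and a tracked/untracked decision. The rule values are constructed, the helper names matches and evaluate_ingress are hypothetical, and it assumes the rule JSON shape passed to --ingress-security-rules and that security rules only ever allow traffic.

```python
import ipaddress

# Constructed sample: ingress rules from two security lists attached to the
# same subnet, in the JSON shape passed to --ingress-security-rules.
LIST_A = [{"source": "10.0.0.0/16", "protocol": "6", "isStateless": False,
           "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}}]
LIST_B = [{"source": "10.0.5.0/24", "protocol": "6", "isStateless": True,
           "tcpOptions": {"destinationPortRange": {"min": 22, "max": 22}}},
          {"source": "0.0.0.0/0", "protocol": "6", "isStateless": False,
           "tcpOptions": {"destinationPortRange": {"min": 443, "max": 443}}}]


def matches(rule, src_ip, protocol, dst_port):
    """True if one ingress rule covers the packet (protocol, source, port)."""
    if rule["protocol"] not in ("all", protocol):
        return False
    if ipaddress.ip_address(src_ip) not in ipaddress.ip_network(rule["source"]):
        return False
    # Port options only exist for TCP ("6") and UDP ("17"); absent means any port.
    opts = rule.get("tcpOptions") if protocol == "6" else rule.get("udpOptions")
    rng = (opts or {}).get("destinationPortRange")
    return rng is None or rng["min"] <= dst_port <= rng["max"]


def evaluate_ingress(security_lists, src_ip, protocol, dst_port):
    """Return (allowed, tracked) across all security lists on the subnet."""
    hits = [r for sl in security_lists for r in sl
            if matches(r, src_ip, protocol, dst_port)]
    if not hits:
        return (False, False)  # no allow rule matched, so the packet is dropped
    # A single matching stateless rule wins: the connection is not tracked.
    stateless = any(r.get("isStateless", False) for r in hits)
    return (True, not stateless)


if __name__ == "__main__":
    for src, port in [("10.0.5.9", 22), ("10.0.9.9", 22),
                      ("203.0.113.7", 443), ("203.0.113.7", 22)]:
        print(src, port, evaluate_ingress([LIST_A, LIST_B], src, "6", port))
```

The 10.0.5.9 case is the one to review when auditing a subnet: the stateless rule in the second list overrides the stateful rule in the first, so reply traffic is no longer allowed automatically and needs its own matching egress rule.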
Use the network security-list create command and required parameters to create a security list:
oci network security-list create --compartment-id compartment-ocid --vcn-id vcn-ocid [--egress-security-rules | --ingress-security-rules] rules... [OPTIONS]
For a complete list of flags and variable options for CLI commands, see the CLI Command Reference.
Run the CreateSecurityList operation to create a security list.