Create an Address List
Create a list of IPv4, IPv6 or FQDN addresses you can use to build rules in a firewall policy.
You can specify individual IPv4 or IPv6 IP addresses, or use CIDR blocks in an IP address list. Each address is entered on its own line within the list.
- Publicly resolvable FQDNs are supported. Private FQDNs aren't supported.
- Regex support isn't available for FQDNs.
- FQDN based filtering is supported when the count of IP addresses that an FQDN can resolve is less than or equal to 32.
You can configure a maximum of 20,000 IP addresses (or CIDRs) and 2,000 FQDNs across all address lists within a policy. Each individual address list can hold up to 1,000 addresses, but the total IP addresses across all lists must not exceed 20,000, and the total FQDNs must not exceed 2,000. You can create up to 20,000 address lists, as long as you adhere to these specified address limits.
To import multiple address lists using a .json file, see Import Firewall Policy Components.
- Select the compartment that contains the policy in which you want to create the address list.
- Select the policy.
- On the details page, select the Address lists tab.
- Select Create address list.
- Enter a name for the address list. Avoid entering confidential information.
- Select an address type. An IP address list can use IPv4 or IPv6 addresses or CIDR blocks. An FQDN address list uses fully qualified domain name (FQDN) addresses. You can't mix IP addresses and FQDN addresses in the same list.
- Enter a maximum of 1,000 addresses, one on each line.
- Select Create address list.
Use the network-firewall address-list create command and required parameters to create an address list:
oci network-firewall address-list create --network-firewall-policy-id <network firewall policy OCID> --compartment-id <compartment OCID> --total-addresses <integer> --addresses '["address_1", "address_2"]' [OPTIONS]
For a complete list of parameters and values for CLI commands, see the CLI Command Reference.
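The following Python check is an added example, not Oracle's code or part of the OCI CLI. It validates candidate lists against the limits stated on this page (one address type per list, no wildcard or regex FQDNs, 1,000 entries per list, 20,000 IP entries and 2,000 FQDNs per policy) and produces the JSON array for --addresses. The function names, the FQDN label syntax rule and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import json
import re

MAX_PER_LIST = 1000                           # per-list limit stated on this page
MAX_PER_POLICY = {"IP": 20000, "FQDN": 2000}  # policy-wide limits stated on this page
# Assumption: an FQDN is plain letter-digit-hyphen labels; "*" and regex syntax fail.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def classify(entry):
    """Return 'IP' for an IPv4/IPv6 address or CIDR block, 'FQDN' for a hostname."""
    try:
        ipaddress.ip_network(entry, strict=False)
        return "IP"
    except ValueError:
        pass
    labels = entry.rstrip(".").split(".")
    # A numeric last label means a malformed IP such as 10.0.0.300, not a name.
    if (len(entry) <= 253 and len(labels) >= 2 and not labels[-1].isdigit()
            and all(LABEL.fullmatch(label) for label in labels)):
        return "FQDN"
    raise ValueError(f"not an IP address, CIDR block or plain FQDN: {entry!r}")

def check_list(text):
    """Validate one list written one address per line; return (type, entries)."""
    entries = [line.strip() for line in text.splitlines() if line.strip()]
    if not entries:
        raise ValueError("address list is empty")
    if len(entries) > MAX_PER_LIST:
        raise ValueError(f"{len(entries)} entries exceeds {MAX_PER_LIST} per list")
    kinds = {classify(entry) for entry in entries}
    if len(kinds) > 1:
        raise ValueError("IP and FQDN addresses cannot be mixed in one list")
    return kinds.pop(), entries

def check_policy(lists):
    """Check {name: text} against policy totals; return {name: (type, JSON)}."""
    totals = {"IP": 0, "FQDN": 0}
    result = {}
    for name, text in lists.items():
        kind, entries = check_list(text)
        totals[kind] += len(entries)
        if totals[kind] > MAX_PER_POLICY[kind]:
            raise ValueError(f"policy total of {kind} entries exceeds {MAX_PER_POLICY[kind]}")
        result[name] = (kind, json.dumps(entries))  # value for --addresses
    return result

# Constructed sample lists using documentation-reserved addresses and names.
SAMPLE = {"office-nets": "192.0.2.0/24\n2001:db8::/32\n198.51.100.7",
          "update-hosts": "www.example.com\napi.example.org"}
```

The check does not resolve names, so the public-resolvability condition and the 32-address resolution limit for FQDNs are not verified.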
Run the CreateAddressList operation to create an address list.