After adding a public subnet in a VCN, to allow VM build executors access to the resources and services (such as a VM-based Database) running in the VCN's private subnet, configure the private subnet's security rules to allow incoming traffic from the public subnet used by VM executors.

1. Sign in to Oracle Cloud Console.
2. In the upper-left corner, click Navigation Menu .
3. Select Networking and select Virtual cloud networks.
4. On the Virtual Cloud Networks page, click the VCN.
5. On the VCN details page, click the Security tab.
6. Under Security Lists, click the private subnet's security list.
7. Click the Security rules tab and then click Add Ingress Rules.
   If you want to modify an existing rule, click the Actions icon (three dots), and then select Edit.
8. On the Add Ingress Rule page, in Source Type, select CIDR.
9. In Source CIDR, enter the VM executor's public subnet's CIDR range.
10. In Destination Port Range, enter the service's port number.
11. (Optional) In Description, add a description.
12. Click Add Ingress Rules.
13. If required, repeat steps 7-12 for each service's port.