How to modify ingress and egress rule for OCI instance

Published July 30, 2025, 5:40 a.m. by cloudblog

To modify ingress and egress rules for an OCI (Oracle Cloud Infrastructure) instance,  typically need to update the Network Security Group (NSG) or Security List associated with the subnet or instance. Here's a step-by-step guide for both options:

🔹 Option 1: Using Security Lists (for subnet-level rules)

📍 Step 1: Navigate to VCN

  1. Log in to the OCI Console.

  2. Go to Networking > Virtual Cloud Networks.

  3. Choose your VCN.

  4. Click on the Subnet where your instance resides.

📍 Step 2: Open Security List

  1. In the subnet details, scroll to Security Lists.

  2. Click on the security list (default or custom one).

📍 Step 3: Modify Rules

  • To add an ingress rule (incoming traffic):

    1. Click Add Ingress Rules.

    2. Define:

      • Source Type: CIDR or Security Group

      • Source CIDR (e.g., 0.0.0.0/0 for open access)

      • Protocol (e.g., TCP)

      • Destination Port Range (e.g., 22 for SSH)

      • Optional: Description

    3. Click Add Ingress Rules.

  • To add an egress rule (outgoing traffic):

    1. Click Add Egress Rules.

    2. Define:

      • Destination Type: CIDR or Security Group

      • Destination CIDR (e.g., 0.0.0.0/0)

      • Protocol (e.g., TCP)

      • Destination Port Range

      • Optional: Description

    3. Click Add Egress Rules.

🔹 Option 2: Using Network Security Groups (NSG)

If instance is using NSGs (more fine-grained, instance-level rules):

📍 Step 1: Go to Compute > Instances

  1. Navigate to your instance details.

  2. Click on the Attached VNIC.

  3. Note the NSG attached to the VNIC.

📍 Step 2: Modify NSG Rules

  1. Go to Networking > Network Security Groups.

  2. Select the NSG linked to your instance.

  3. Under Security Rules, click Add Ingress Rule or Add Egress Rule.

  4. Fill in:

    • Direction: Ingress / Egress

    • Protocol: e.g., TCP

    • Source/Destination CIDR

    • Port Range

    • Optional: Description

  5. Click Add Security Rule.

✅ Example: Allow SSH Access (Port 22)

  • Source CIDR: 0.0.0.0/0 (open to all, not recommended for production)

  • Protocol: TCP

  • Port Range: 22

  • Add this as an Ingress rule.

🛡️ Tips:

  • Use NSGs for more granular, instance-level security.

  • Always follow least privilege principle: restrict access to known IPs.

  • May need to open ports in the OS firewall (like firewalld or ufw) too.

 

Share this post

Similar posts

How to login OCI with different tenancy

1 comment

Comment 1 by vijomtxffi Aug. 6, 2025, 2:58 a.m.

gsmunsmxytspkskijrhtitinviexqs

Add a new comment