ORA-24247: network access denied by access control list (ACL)

Source: Internet
Author: User

Note: Run these commands as the SYSTEM user.
First, use DBMS_NETWORK_ACL_ADMIN.CREATE_ACL to create an access control list (ACL).
Next, use DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL to associate the ACL with the e-mail server.
Finally, use DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE to grant the user permission to connect to the mail server.

BEGIN
  -- Create the ACL and grant "connect" to its first principal.
  DBMS_NETWORK_ACL_ADMIN.CREATE_ACL (
    acl         => 'email_server_permissions.xml',
    description => 'Enables network permissions for the e-mail server',
    principal   => 'APPS',     -- case-sensitive; must match the user name as stored
    is_grant    => TRUE,
    privilege   => 'connect');
  COMMIT;
END;
/

BEGIN
  -- Bind the ACL to one host and one port only.
  DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL (
    acl        => 'email_server_permissions.xml',
    host       => '127.125.50.132',   -- SMTP server address
    lower_port => 25,
    upper_port => NULL);
  COMMIT;
END;
/

-- Drop
BEGIN
  DBMS_NETWORK_ACL_ADMIN.DROP_ACL (acl => 'email_server_permissions.xml');
  COMMIT;
END;
/

-- Query
SELECT host, lower_port, upper_port, acl FROM dba_network_acls;

SELECT acl,
       principal,
       privilege,
       is_grant,
       TO_CHAR (start_date, 'DD-MON-YYYY') AS start_date,
       TO_CHAR (end_date, 'DD-MON-YYYY') AS end_date
FROM dba_network_acl_privileges;
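
The third step named above, ADD_PRIVILEGE, is not shown in the page's own code, so the following is an added example (not from the original page) that grants the privilege to a second account, verifies the result with CHECK_PRIVILEGE, and lists grants that are broader than a single host and port. REPORT_USER is a hypothetical, already existing database user; the ACL name, host and port are the ones used above.

```sql
-- Added example, not from the original page. Run as SYSTEM in SQL*Plus or SQLcl
-- after the CREATE_ACL and ASSIGN_ACL blocks. REPORT_USER is a hypothetical user.
SET SERVEROUTPUT ON

BEGIN
  -- Grant "connect" on the existing ACL to one more principal.
  DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE (
    acl       => 'email_server_permissions.xml',
    principal => 'REPORT_USER',   -- case-sensitive
    is_grant  => TRUE,
    privilege => 'connect');
  COMMIT;
END;
/

-- Verify per user: CHECK_PRIVILEGE returns 1 (granted), 0 (denied)
-- or NULL (the ACL has no entry for that user).
DECLARE
  l_result NUMBER;
BEGIN
  FOR u IN (SELECT 'APPS' AS name FROM dual UNION ALL
            SELECT 'REPORT_USER' FROM dual) LOOP
    l_result := DBMS_NETWORK_ACL_ADMIN.CHECK_PRIVILEGE (
                  'email_server_permissions.xml', u.name, 'connect');
    DBMS_OUTPUT.PUT_LINE (u.name || ': ' ||
      CASE l_result WHEN 1 THEN 'granted'
                    WHEN 0 THEN 'denied'
                    ELSE 'no entry' END);
  END LOOP;
END;
/

-- Least-privilege review: grants that reach more than one named host and port,
-- or that apply to every database user through PUBLIC.
SELECT a.host, a.lower_port, a.upper_port, p.principal, p.privilege
FROM   dba_network_acls a
JOIN   dba_network_acl_privileges p ON p.acl = a.acl
WHERE  LOWER (p.is_grant) = 'true'
AND   (a.host = '*'
       OR a.host LIKE '*.%'
       OR a.lower_port IS NULL
       OR p.principal = 'PUBLIC')
ORDER  BY a.host, p.principal;
```

With only the ACL from this page in place, the last query returns no rows, because the assignment names one host and port 25.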

ACL (Access Control List)

1. A standard ACL examines only the source address to decide whether to permit or deny traffic.
For example, 172.16.3.0/24 is to be denied access, while other network segments are allowed:

access-list 1 deny 172.16.4.0 0.0.0.255
access-list 1 permit any

If this access list is applied on f1/0, the router checks the list when a packet reaches f1/0, finds that the network segment is denied, and discards the packet. In this way, 172.16.3.0/24 cannot access any network segment. A standard ACL should therefore be applied on the interface closest to the destination. Applied on f1/1, only packets from 172.16.3.0/24 that arrive at that interface are discarded.

2.
(1) access-list 1 permit 172.16.0.0 0.0.255.255
interface f1/0
 ip access-group 1 out
interface f1/1
 ip access-group 1 out
(2) access-list 1 deny host 172.16.4.13
access-list 1 permit any
interface f1/0
 ip access-group 1 out
(3) access-list 1 deny 172.16.4.0 0.0.0.255
access-list 1 permit any
interface f1/0
 ip access-group 1 out

Access Control List (ACL)

Hello!

There are many types of ACLs (access control lists). We usually use IP address-based ACLs. There are two simple types of ACLs: one is the standard ACL, whose list numbers are 1 ~ 99, and the other is the extended ACL, whose list numbers are 100 ~ 199. For the preceding requirement, the extended ACL can be used. Number 130 belongs to the extended ACL, and 30 is a standard ACL list number.

Note:

Standard ACL, numbered 1 ~ 99: defines access permissions based on the source IP address.

Extended ACL, numbered 100 ~ 199: defines access permissions based on the source IP address, destination IP address, protocol, and destination port number.

Below:

access-list 130 deny udp any any eq 1434 // reject access to UDP port 1434 from any source to any destination address
access-list 130 deny tcp any any eq 4444 // deny access to TCP port 4444 from any source to any destination address
access-list 130 permit ip any any // allow all other communications

A. Answer: The ACL number is incorrect. The ID of the extended ACL.

B. The answer is correct.

C. The ACL statement format is incorrect!

D. The ACL statement format is incorrect!

Hope you can understand it!
