Restricting client IP addresses in Oracle
In Oracle, you can control which IP addresses can connect to the database and which cannot. In 9i and later, the best and fastest way to set the allowed and prohibited IP addresses is to modify sqlnet.ora.
1. Modify the sqlnet.ora file
In Oracle on Linux, the sqlnet.ora file is not used by default.
$ cd $ORACLE_HOME/network/admin
$ vi sqlnet.ora
# Add the following parts
tcp.validnode_checking = yes
# IP addresses allowed for access
tcp.invited_nodes = (192.168.100.252, 192.168.100.253)
# IP addresses that are not allowed to access
tcp.excluded_nodes = (192.168.100.222, 192.168.100.133)
2. Restart the listener.
$ lsnrctl stop
$ lsnrctl start
At this point, only clients with the IP addresses 192.168.100.252 and 192.168.100.253 can connect to the database. Clients with the IP addresses 192.168.100.222 and 192.168.100.133 cannot connect to the database.
When clients of other IP addresses use PL/SQL to connect to the database, the following error is displayed:
Notes:
1. You must set the first parameter, tcp.validnode_checking, to YES to activate the check.
2. It is recommended that you set the IP addresses that are allowed to connect (tcp.invited_nodes) rather than the excluded ones, because a client's IP address can be changed at will, so an exclusion list does not achieve its purpose.
3. When both TCP.INVITED_NODES and TCP.EXCLUDED_NODES are set, TCP.INVITED_NODES overrides the TCP.EXCLUDED_NODES setting.
4. The listener must be restarted for the change to take effect.
5. This method is only applicable to the TCP protocol.
6. This configuration applies to 9i and later versions. In versions earlier than 9i, use the file protocol.ora.
7. Connecting to the database directly on the server is not affected.
8. This restriction is enforced by the listener.
9. This restriction checks only the IP address; checking by user name is not supported.
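The rules in notes 1 to 3, as an added example that is not part of the original page: a small Python checker that reads sqlnet.ora text, reports whether a given client IP would be admitted, and lists configuration findings. It assumes the node lists contain literal IP addresses only; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample mirroring the settings shown in step 1.
SAMPLE = """\
# Add the following parts
tcp.validnode_checking = yes
# IP addresses allowed for access
tcp.invited_nodes = (192.168.100.252, 192.168.100.253)
# IP addresses that are not allowed to access
tcp.excluded_nodes = (192.168.100.222, 192.168.100.133)
"""

def parse_sqlnet(text):
    """Return the three valid-node parameters from sqlnet.ora text."""
    # Drop comments, then match "name = value" case-insensitively.
    body = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    def param(name):
        m = re.search(rf"(?im)^\s*{re.escape(name)}\s*=\s*(\([^)]*\)|\S+)", body)
        return m.group(1) if m else None
    def nodes(name):
        raw = param(name)
        return {n.strip() for n in raw.strip("()").split(",") if n.strip()} if raw else set()
    return {
        "checking": (param("tcp.validnode_checking") or "no").lower() == "yes",
        "invited": nodes("tcp.invited_nodes"),
        "excluded": nodes("tcp.excluded_nodes"),
    }

def is_allowed(cfg, ip):
    """Apply the rules from the notes to one client IP (literal match only)."""
    if not cfg["checking"]:
        return True                  # note 1: lists are inactive without YES
    if cfg["invited"]:
        return ip in cfg["invited"]  # note 3: invited list wins over excluded
    return ip not in cfg["excluded"]

def audit(cfg):
    """Return findings a reviewer would raise about the configuration."""
    findings = []
    if not cfg["checking"] and (cfg["invited"] or cfg["excluded"]):
        findings.append("node lists set but tcp.validnode_checking is not yes")
    if cfg["checking"] and not cfg["invited"]:
        findings.append("no tcp.invited_nodes: every non-excluded IP can connect")
    if cfg["invited"] & cfg["excluded"]:
        findings.append("IP in both lists: invited_nodes takes precedence")
    return findings
```

Run it against the edited file before restarting the listener, for example with `parse_sqlnet(open("sqlnet.ora").read())`, so that a missing YES or an exclusion-only list is caught before the change goes live.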