sqlnet.ora文件在$ORACLE_HOME/network/admin 目录下,添加如下内容:
tcp.validnode_checking=yes
#允许访问的IP
tcp.invited_nodes=(ip1,ip2…)
#禁止访问的IP
tcp.excluded_nodes=(ip1,ip2…)
重启监听,生效!
只有配置tcp.validnode_checking=yes,其他两个参数配置才生效。tcp.invited_nodes和tcp.excluded_nodes可以同时使用,也可以单独使用。
二、相关参数说明
相关参数:
TCP.VALIDNODE_CHECKING、TCP.INVITED_NODES、TCP.EXCLUDED_NODES
官方文档说明:
TCP.VALIDNODE_CHECKING
Purpose :
To enable and disable valid node checking for incoming connections. If this parameter is set to yes, then incoming connections are allowed only if they originate from a node that conforms to list specified by TCP.INVITED_NODES or TCP.EXCLUDED_NODES parameters.
Usage Notes :
The TCP.INVITED_NODES and TCP.EXCLUDED_NODES parameters are valid only when the TCP.VALIDNODE_CHECKING parameter is set to yes.
Example:
TCP.VALIDNODE_CHECKING=yes
TCP.INVITED_NODES
Purpose :
To specify which clients are allowed access to the database. This list takes
precedence over the TCP.EXCLUDED_NODES parameter if both lists are present.
TCP.INVITED_NODES优先级高于TCP.EXCLUDED_NODES。
Syntax:
TCP.INVITED_NODES=(hostname | ip_address, hostname | ip_address, ...)
Usage Notes:
This parameter is only valid when the TCP.VALIDNODE_CHECKING parameter is set to yes.
This parameter can use wildcards for IPv4 addresses and CIDR notation for IPv4 and IPv6 addresses.
Example:
TCP.INVITED_NODES=(sales.us.example.com, hr.us.example.com, 192.168.*, 2001:DB8:200C:433B/32)
TCP.EXCLUDED_NODES
Purpose :
To specify which clients are denied access to the database.
Syntax:
TCP.EXCLUDED_NODES=(hostname | ip_address, hostname | ip_address, ...)
Usage Notes :
This parameter is only valid when the TCP.VALIDNODE_CHECKING parameter is set to yes.
This parameter can use wildcards for IPv4 addresses and CIDR (Classless Inter-Domain Routing) notation for IPv4 and IPv6 addresses.
Example:
TCP.EXCLUDED_NODES=(finance.us.example.com, mktg.us.example.com, 192.168.2.25, 172.30.*, 2001:DB8:200C:417A/32)
三、测试
测试后,并未发现网上所说的需要在TCP.INVITED_NODES中添加数据库服务器IP,
oracle数据库层面限制IP访问
标签:
