oci_adm_knowledge_baseoci_adm_vulnerability_auditoci_ai_anomaly_detection_ai_private_endpointoci_ai_anomaly_detection_data_assetoci_ai_anomaly_detection_modeloci_ai_anomaly_detection_projectoci_analytics_instanceoci_apigateway_apioci_application_migration_migrationoci_application_migration_sourceoci_artifacts_container_imageoci_artifacts_container_image_signatureoci_artifacts_container_repositoryoci_artifacts_generic_artifactoci_artifacts_repositoryoci_autoscaling_auto_scaling_configurationoci_autoscaling_auto_scaling_policyoci_bastion_bastionoci_bastion_sessionoci_bds_bds_instanceoci_budget_alert_ruleoci_budget_budgetoci_certificates_authority_bundleoci_certificates_management_associationoci_certificates_management_ca_bundleoci_certificates_management_certificateoci_certificates_management_certificate_authorityoci_certificates_management_certificate_authority_versionoci_certificates_management_certificate_versionoci_cloud_guard_configurationoci_cloud_guard_detector_recipeoci_cloud_guard_managed_listoci_cloud_guard_responder_recipeoci_cloud_guard_targetoci_container_instances_containeroci_container_instances_container_instanceoci_containerengine_clusteroci_core_block_volume_replicaoci_core_boot_volumeoci_core_boot_volume_attachmentoci_core_boot_volume_backupoci_core_boot_volume_metric_read_opsoci_core_boot_volume_metric_read_ops_dailyoci_core_boot_volume_metric_read_ops_hourlyoci_core_boot_volume_metric_write_opsoci_core_boot_volume_metric_write_ops_dailyoci_core_boot_volume_metric_write_ops_hourlyoci_core_boot_volume_replicaoci_core_cluster_networkoci_core_dhcp_optionsoci_core_drgoci_core_imageoci_core_image_customoci_core_instanceoci_core_instance_configurationoci_core_instance_metric_cpu_utilizationoci_core_instance_metric_cpu_utilization_dailyoci_core_instance_metric_cpu_utilization_hourlyoci_core_internet_gatewayoci_core_load_balanceroci_core_local_peering_gatewayoci_core_nat_gatewayoci_core_network_load_balanceroci_core_network_security_groupoci_core_public_ipoci_core_public_ip_pooloci_core_route_tableoci_core_security_listoci_core_service_gatewayoci_core_subnetoci_core_vcnoci_core_vnic_attachmentoci_core_volumeoci_core_volume_attachmentoci_core_volume_backupoci_core_volume_backup_policyoci_core_volume_default_backup_policyoci_core_volume_groupoci_database_autonomous_databaseoci_database_autonomous_db_metric_cpu_utilizationoci_database_autonomous_db_metric_cpu_utilization_dailyoci_database_autonomous_db_metric_cpu_utilization_hourlyoci_database_autonomous_db_metric_storage_utilizationoci_database_autonomous_db_metric_storage_utilization_dailyoci_database_autonomous_db_metric_storage_utilization_hourlyoci_database_cloud_vm_clusteroci_database_dboci_database_db_homeoci_database_db_systemoci_database_exadata_infrastructureoci_database_pluggable_databaseoci_database_software_imageoci_devops_projectoci_devops_repositoryoci_dns_rrsetoci_dns_tsig_keyoci_dns_zoneoci_events_ruleoci_file_storage_file_systemoci_file_storage_mount_targetoci_file_storage_snapshotoci_functions_applicationoci_functions_functionoci_identity_api_keyoci_identity_auth_tokenoci_identity_authentication_policyoci_identity_availability_domainoci_identity_compartmentoci_identity_customer_secret_keyoci_identity_db_credentialoci_identity_domainoci_identity_dynamic_groupoci_identity_groupoci_identity_network_sourceoci_identity_policyoci_identity_tag_defaultoci_identity_tag_namespaceoci_identity_tenancyoci_identity_useroci_kms_keyoci_kms_key_versionoci_kms_vaultoci_logging_logoci_logging_log_groupoci_logging_searchoci_mysql_backupoci_mysql_channeloci_mysql_configurationoci_mysql_configuration_customoci_mysql_db_systemoci_mysql_db_system_metric_connectionsoci_mysql_db_system_metric_connections_dailyoci_mysql_db_system_metric_connections_hourlyoci_mysql_db_system_metric_cpu_utilizationoci_mysql_db_system_metric_cpu_utilization_dailyoci_mysql_db_system_metric_cpu_utilization_hourlyoci_mysql_db_system_metric_memory_utilizationoci_mysql_db_system_metric_memory_utilization_dailyoci_mysql_heat_wave_clusteroci_network_firewall_firewalloci_network_firewall_policyoci_nosql_tableoci_nosql_table_metric_read_throttle_countoci_nosql_table_metric_read_throttle_count_dailyoci_nosql_table_metric_read_throttle_count_hourlyoci_nosql_table_metric_storage_utilizationoci_nosql_table_metric_storage_utilization_dailyoci_nosql_table_metric_storage_utilization_hourlyoci_nosql_table_metric_write_throttle_countoci_nosql_table_metric_write_throttle_count_dailyoci_nosql_table_metric_write_throttle_count_hourlyoci_objectstorage_bucketoci_objectstorage_objectoci_ons_notification_topicoci_ons_subscriptionoci_queue_queueoci_regionoci_resource_searchoci_resourcemanager_stackoci_streaming_streamoci_vault_secret
Table: oci_network_firewall_policy - Query OCI Networking Firewall Policies using SQL
A Firewall Policy in Oracle Cloud Infrastructure (OCI) Networking is a set of rules and actions that govern the traffic flow through gateways. It provides a secure and controlled environment for network applications. Firewall Policies are essential in maintaining the security and integrity of data in OCI Networking environments.
Table Usage Guide
The oci_network_firewall_policy table provides insights into Firewall Policies within OCI Networking. As a network administrator, you can explore policy-specific details through this table, including policy rules, actions, and associated metadata. Utilize it to uncover information about policies, such as those governing specific traffic, the actions associated with each policy, and the verification of policy rules.
Examples
Basic info
Explore the configuration and status of your network firewall policy. This information can help you assess the security rules and applications associated with your firewall, identify any mapped secrets, and determine whether the firewall is currently attached.
select id, display_name, application_lists, decryption_profiles, decryption_rules, ip_address_lists, is_firewall_attached, mapped_secrets, security_rules, url_lists, lifecycle_state as statefrom oci_network_firewall_policy;select id, display_name, application_lists, decryption_profiles, decryption_rules, ip_address_lists, is_firewall_attached, mapped_secrets, security_rules, url_lists, lifecycle_state as statefrom oci_network_firewall_policy;List network firewall policies created in the last 30 days
Explore the recently created network firewall policies to understand their configuration and status. This is helpful to monitor the recent changes and ensure the security rules, decryption profiles, and other settings are properly configured.
select id, display_name, application_lists, decryption_profiles, decryption_rules, ip_address_lists, is_firewall_attached, mapped_secrets, security_rules, url_lists, lifecycle_state as statefrom oci_network_firewall_policywhere time_created >= now() - interval '30' day;select id, display_name, application_lists, decryption_profiles, decryption_rules, ip_address_lists, is_firewall_attached, mapped_secrets, security_rules, url_lists, lifecycle_state as statefrom oci_network_firewall_policywhere time_created >= datetime('now', '-30 day');List network firewall policies with firewall attached
Determine the network firewall policies that have a firewall attached. This can help in identifying and managing the policies that are actively being implemented, thereby enhancing network security.
select id, display_name, application_lists, decryption_profiles, decryption_rules, ip_address_lists, is_firewall_attached, mapped_secrets, security_rules, url_lists, lifecycle_state as statefrom oci_network_firewall_policywhere is_firewall_attached;select id, display_name, application_lists, decryption_profiles, decryption_rules, ip_address_lists, is_firewall_attached, mapped_secrets, security_rules, url_lists, lifecycle_state as statefrom oci_network_firewall_policywhere is_firewall_attached;List network firewall policies without mapped secrets
Identify instances where network firewall policies are potentially vulnerable due to the absence of mapped secrets. This is crucial for enhancing security measures and avoiding unauthorized access.
select id, display_name, application_lists, decryption_profiles, decryption_rules, ip_address_lists, is_firewall_attached, mapped_secrets, security_rules, url_lists, lifecycle_state as statefrom oci_network_firewall_policywhere mapped_secrets is null;select id, display_name, application_lists, decryption_profiles, decryption_rules, ip_address_lists, is_firewall_attached, mapped_secrets, security_rules, url_lists, lifecycle_state as statefrom oci_network_firewall_policywhere mapped_secrets is null;Schema for oci_network_firewall_policy
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| application_lists | jsonb | A mapping of strings to arrays of Application objects. | |
| compartment_id | text | = | The OCID of the compartment in Tenant in which the resource is located. |
| decryption_profiles | jsonb | A mapping of strings to DecryptionProfile objects. | |
| decryption_rules | jsonb | List of Decryption Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic. | |
| defined_tags | jsonb | Defined tags for resource. Defined tags are set up in your tenancy by an administrator. Only users granted permission to work with the defined tags can apply them to resources. | |
| display_name | text | = | A user-friendly name for the Network Firewall Policy. |
| freeform_tags | jsonb | Free-form tags for resource. This tags can be applied by any user with permissions on the resource. | |
| id | text | = | The OCID of the Network Firewall Policy resource. |
| ip_address_lists | jsonb | Map defining IP address lists of the policy. The value of an entry is a list of IP addresses or prefixes in CIDR notation. The associated key is the identifier by which the IP address list is referenced. | |
| is_firewall_attached | boolean | To determine if any Network Firewall is associated with this Network Firewall Policy. | |
| lifecycle_details | text | A message describing the current state in more detail. | |
| lifecycle_state | text | = | The current state of the Network Firewall. |
| mapped_secrets | jsonb | A mapping of strings to MappedSecret objects. | |
| security_rules | jsonb | List of Security Rules defining the behavior of the policy. The first rule with a matching condition determines the action taken upon network traffic. | |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. | |
| tags | jsonb | A map of tags for the resource. | |
| tenant_id | text | =, !=, ~~, ~~*, !~~, !~~* | The OCID of the Tenant in which the resource is located. |
| time_created | timestamp with time zone | Time that Network Firewall Policy was created. | |
| title | text | Title of the resource. | |
| url_lists | jsonb | A mapping of strings to arrays of UrlPattern objects. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- ociYou can pass the configuration to the command with the --config argument:
steampipe_export_oci --config '<your_config>' oci_network_firewall_policy