In the Cloud Oracle network management panel (Networking > Virtual cloud networks > vcn-1234-xxxx > Subnet Details), when editing Ingress and Egress rules, there is a Stateless
attribute. Its function is also clearly described in the help document.在 Cloud Oracle 的网络管理面板上,添加入站出站规则的时候,有一个 Stateless 的属性。The Oracle help document describes this attribute quite clearly.
- 如果一条入站策略是有状态的,那么系统就会监控这条策略的入站流量,它的出站流量会自动被放行。
- 但如果一条入站策略是无状态的,那么系统就无法知道哪个是它对应的出站流量,就无法放行;此时必须手工设置一条对于的出站策略。
However, I tried to set a policy to be stateless, and its outbound traffic was still allowed. It’s actually because Oracle’s default Egress Rules has a policy allowing all outbound traffic.
但我试了一下,把一个策略设置成无状态的,它的出站流量还是被允许放行了。其实是因为 Oracle 的默认安全策略里面,有一条允许所有出站流量的策略。