nsg
***


Description
===========

A *network security group* (NSG) provides virtual firewall rules for a
specific set of VNICs in a VCN. Compare NSGs with SecurityLists, which
provide virtual firewall rules to all the VNICs in a *subnet*.

A network security group consists of two items:

   * The set of VNICs that all have the same security rule needs (for
     example, a group of Compute instances all running the same
     application)

   * A set of NSG SecurityRules that apply to the VNICs in the group

After creating an NSG, you can add VNICs and security rules to it. For
example, when you create an instance, you can specify one or more NSGs
to add the instance to (see
`CreateVnicDetails <https://docs.cloud.oracle.com/api/#/en/iaas/latest/CreateVnicDetails/>`__).
Or you can add an existing instance to an NSG with
`UpdateVnic <https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/network/vnic/update.html>`__.

To add security rules to an NSG, see
`AddNetworkSecurityGroupSecurityRules <https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/network/nsg/rules/add.html>`__.

To list the VNICs in an NSG, see
`ListNetworkSecurityGroupVnics <https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/network/nsg/vnics/list.html>`__.

To list the security rules in an NSG, see
`ListNetworkSecurityGroupSecurityRules <https://docs.cloud.oracle.com/en-us/iaas/tools/oci-cli/latest/oci_cli_docs/cmdref/network/nsg/rules/list.html>`__.

For more information about network security groups, see
`Network Security Groups <https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/networksecuritygroups.htm>`__.

**Important:** Oracle Cloud Infrastructure Compute service images
automatically include firewall rules (for example, Linux iptables,
Windows firewall). If there are issues with some type of access to an
instance, make sure all of the following are set correctly:

   * Any security rules in any NSGs the instance’s VNIC belongs to

   * Any `SecurityLists <https://docs.cloud.oracle.com/api/#/en/iaas/latest/SecurityList/>`__
     associated with the instance’s subnet

   * The instance’s OS firewall rules

To use any of the API operations, you must be authorized in an IAM
policy. If you’re not authorized, talk to an administrator. If you’re
an administrator who needs to write policies to give users access, see
Getting Started with Policies.


Available Commands
==================

* change-compartment

* create

* delete

* get

* list

* rules

  * add

  * list

  * remove

  * update

* update

* vnics

  * list
