Summary
You are able to block clients based on their IP address or hostname. This can be easily achieved by putting some lines to $TNS_ADMIN/sqlnet.ora file
First of all you put the parameter
tcp.validnode_checking = yes
This turns on the hostname/IP checking for your listeners. After this, you can supply lists of nodes to enable/disable, such:
tcp.invited_nodes = (hostA, hostB, hostC)
or
tcp.excluded_nodes = (192.168.10.3)
Note that if you only specify
invited nodes, all others will be excluded, so there is really no reason to do both. The same goes for
excluded nodes: exclude a list of clients, invite all others.
Tip: If you have
Oracle8i then you must put this parameters (tcp.validnode_checking, tcp.invited_nodes etc) to
$TNS_ADMIN/protocol.ora. If it does not exist, create it!
Example
For example if you have an Application consisted from:
1. Database node with host name DB1
2. Application server node with host name APPS1
3. Application server node with host name APPS2
4. Application server node with host name APPS3
And want a strict access only from the Application Servers or the Database Server you can add the following lines to sqlnet.ora file
tcp.validnode_checking = yes
tcp.invited_nodes = (DB1, APPS1, APPS2, APPS3)
Other links
Password protection for listener