Block specific IP from connecting to database
                                                 Last update (2011-01-25 14:45:23)
                                                                                                                   Date added (2008-02-25 22:04:36)

Summary
You are able to block clients based on their IP address or hostname. This can be easily achieved by putting some lines to $TNS_ADMIN/sqlnet.ora file

First of all you put the parameter

tcp.validnode_checking = yes

This turns on the hostname/IP checking for your listeners. After this, you can supply lists of nodes to enable/disable, such:

tcp.invited_nodes = (hostA, hostB, hostC)
or
tcp.excluded_nodes = (192.168.10.3)

Note that if you only specify invited nodes, all others will be excluded, so there is really no reason to do both. The same goes for excluded nodes: exclude a list of clients, invite all others.

Tip: If you have Oracle8i then you must put this parameters (tcp.validnode_checking, tcp.invited_nodes etc) to $TNS_ADMIN/protocol.ora. If it does not exist, create it!

Example
For example if you have an Application consisted from:

1. Database node with host name DB1
2. Application server node with host name APPS1
3. Application server node with host name APPS2
4. Application server node with host name APPS3

And want a strict access only from the Application Servers or the Database Server you can add the following lines to sqlnet.ora file

tcp.validnode_checking = yes
tcp.invited_nodes = (DB1, APPS1, APPS2, APPS3)

Other links
Password protection for listener