I currently have a Database Firewall configured for one database and want to reject direct connections to that database and only allow connections from the firewall server.
On the same database server, running out of the same $ORACLE_HOME, are other databases not yet configured for Database Firewall, one of which is a Standby database.
All databases are running on the same listener.ora and sqlnet.ora.
The TNS_ADMIN environment variable is set to /etc in .profile
I created another directory, $ORACLE_HOME/network/admin/tnsadmin, added a sqlnet.ora and softlinks to /etc/listener.ora and /etc/tnsnames.ora.
In this sqlnet.ora I added the parameters
TCP.VALIDNODE_CHECKING=yes
TCP.INVITED_NODES=(primary database IP, local host IP, database firewall IP)
I bounced the database, setting the TNS_ADMIN variable just before startup.
export TNS_ADMIN=/opt/oracle/product/11.4dev/network/admin/tnsadmin
I verified variables using cat /proc/<pmon pid >/environ
Then stopped and started the listener. No errors.
Direct connections are still going through. Next Steps?
Is there a way to see what was passed to the listener during dynamic registration?
Would static registration be a reasonable option here?
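
Added example, not part of the original post: a shell check that reads a process's /proc/<pid>/environ the way the post does for pmon, resolves the sqlnet.ora that process would use, and prints its TCP.VALIDNODE_CHECKING and TCP.INVITED_NODES values. Because valid node checking is applied by the listener, the same check can be pointed at the tnslsnr process. The function names, the pgrep patterns and the fallback to $ORACLE_HOME/network/admin when TNS_ADMIN is unset are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Shows which sqlnet.ora a running
# process resolves and which valid-node settings that file carries.

# Print the value of VAR from a NUL-separated environ file (/proc/<pid>/environ).
env_of() {  # env_of <environ-file> <VAR>
  tr '\0' '\n' < "$1" | sed -n "s/^$2=//p" | head -n 1
}

# Print the value of a sqlnet.ora parameter (case-insensitive name match).
# Assumption: the parameter sits on one line; continuation lines are not joined.
sqlnet_param() {  # sqlnet_param <sqlnet.ora> <NAME>
  awk -v want="$2" '
    /^[ \t]*#/ { next }
    {
      eq = index($0, "="); if (!eq) next
      key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
      if (toupper(key) == toupper(want)) {
        val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        print val; exit
      }
    }' "$1"
}

# Report the settings one process would pick up.
valid_node_report() {  # valid_node_report <environ-file>
  local dir file checking
  dir=$(env_of "$1" TNS_ADMIN)
  # Assumption: without TNS_ADMIN, fall back to $ORACLE_HOME/network/admin.
  [ -n "$dir" ] || dir="$(env_of "$1" ORACLE_HOME)/network/admin"
  file="$dir/sqlnet.ora"
  if [ ! -r "$file" ]; then echo "sqlnet.ora not readable: $file"; return 1; fi
  checking=$(sqlnet_param "$file" TCP.VALIDNODE_CHECKING)
  echo "file=$file checking=${checking:-unset} invited=$(sqlnet_param "$file" TCP.INVITED_NODES)"
}

# Usage on the database host (process-name patterns are assumptions):
#   valid_node_report "/proc/$(pgrep -f tnslsnr | head -n 1)/environ"
#   valid_node_report "/proc/$(pgrep -f ora_pmon | head -n 1)/environ"
```

If the two reports name different files, the listener and the database instance are not reading the same sqlnet.ora.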