Configure Security Lists and Network Security Groups

Summary

Security lists are sets of virtual firewall rules (ingress and egress, stateful or stateless) that apply to every VNIC in the subnets they are associated with. Network Security Groups (NSGs) are sets of the same kind of rules that apply only to the VNICs you add to the group, independent of which subnet those VNICs sit in.

Reference

Security List

The help text for the oci network security-list create command says:

Creates a new security list for the specified VCN. For more information about security lists, see Security Lists. For information on the number of rules you can have in a security list, see Service Limits.

For the purposes of access control, you must provide the OCID of the compartment where you want the security list to reside. Notice that the security list doesn't have to be in the same compartment as the VCN, subnets, or other Networking Service components. If you're not sure which compartment to use, put the security list in the same compartment as the VCN. For more information about compartments and access control, see Overview of the IAM Service. For information about OCIDs, see Resource Identifiers.

You may optionally specify a display name for the security list, otherwise a default is provided. It does not have to be unique, and you can change it. Avoid entering confidential information.

Network Security Group

Network Security Groups (NSGs) consist of two parts:

  1. Set of VNICs
  2. Security rules (both ingress and egress)

An NSG can be specified as either the source or the destination of a security rule, which gives finer-grained control than a security list: a rule such as "allow TCP/5432 from the app-tier NSG" follows the VNICs in that group rather than a subnet CIDR. An NSG grows as you launch compute instances, because a VNIC can be placed in one or more NSGs at launch time or added later. Keep in mind that when a VNIC is covered by both its subnet's security lists and one or more NSGs, the union of all those rules applies, so a permissive rule in the subnet's security list is not overridden by a tighter NSG rule.
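The following script is an added example, not part of the original page or of Oracle's documentation. It shows both procedures above with the OCI CLI: creating a security list with a single SSH ingress rule, then creating an NSG and adding a rule whose source is another NSG rather than a CIDR block, and finally attaching a VNIC to the NSG. All OCIDs are placeholders, the compartment and VCN IDs are assumptions read from the environment, and with DRY_RUN=1 (the default) the oci commands are printed instead of executed, so the script runs offline. The JSON rule documents match the shapes the CLI's --ingress-security-rules, --egress-security-rules and --security-rules options expect.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): build a security list and an NSG
# with the OCI CLI. Every OCID below is a placeholder to replace before a real run.
set -eu

DRY_RUN="${DRY_RUN:-1}"                                              # 1 = print commands only
COMPARTMENT_ID="${COMPARTMENT_ID:-ocid1.compartment.oc1..EXAMPLE}"  # placeholder OCID
VCN_ID="${VCN_ID:-ocid1.vcn.oc1.iad.EXAMPLE}"                        # placeholder OCID

# Execute an oci command, or just echo it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = "1" ]; then printf 'DRY RUN: %s\n' "$*"; else "$@"; fi
}

# One stateful TCP ingress rule for a security list, as JSON.
# $1 = source CIDR, $2 = destination port (a single port, so min == max).
sl_tcp_ingress() {
  printf '{"source":"%s","sourceType":"CIDR_BLOCK","protocol":"6","isStateless":false,"tcpOptions":{"destinationPortRange":{"min":%d,"max":%d}}}' "$1" "$2" "$2"
}

# One stateful TCP rule for an NSG, as JSON.
# $1 = INGRESS or EGRESS, $2 = peer (a CIDR block or an NSG OCID), $3 = TCP port.
# The peer type is derived from its shape: an NSG OCID is referenced as a
# NETWORK_SECURITY_GROUP, anything else is treated as a CIDR_BLOCK.
nsg_tcp_rule() {
  local dir="$1" peer="$2" port="$3" ptype key tkey
  case "$peer" in
    ocid1.networksecuritygroup.*) ptype="NETWORK_SECURITY_GROUP" ;;
    *)                            ptype="CIDR_BLOCK" ;;
  esac
  if [ "$dir" = "INGRESS" ]; then key="source"; tkey="sourceType"
  else key="destination"; tkey="destinationType"; fi
  printf '{"direction":"%s","protocol":"6","%s":"%s","%s":"%s","isStateless":false,"tcpOptions":{"destinationPortRange":{"min":%d,"max":%d}}}' \
    "$dir" "$key" "$peer" "$tkey" "$ptype" "$port" "$port"
}

# Wrap JSON objects in a JSON array.
json_array() {
  local out="" item
  for item in "$@"; do out="${out:+$out,}$item"; done
  printf '[%s]' "$out"
}

# Security list: SSH only from an assumed management range, all egress allowed.
create_bastion_security_list() {
  run oci network security-list create \
    --compartment-id "$COMPARTMENT_ID" --vcn-id "$VCN_ID" \
    --display-name "bastion-sl" \
    --ingress-security-rules "$(json_array "$(sl_tcp_ingress 10.0.0.0/24 22)")" \
    --egress-security-rules '[{"destination":"0.0.0.0/0","destinationType":"CIDR_BLOCK","protocol":"all","isStateless":false}]'
}

# NSG rule: allow TCP/5432 into the database NSG only from the application NSG.
# $1 = application NSG OCID, $2 = database NSG OCID.
add_db_nsg_rule() {
  run oci network nsg rules add --nsg-id "$2" \
    --security-rules "$(json_array "$(nsg_tcp_rule INGRESS "$1" 5432)")"
}

main() {
  create_bastion_security_list
  run oci network nsg create --compartment-id "$COMPARTMENT_ID" --vcn-id "$VCN_ID" --display-name "db-nsg"
  # In a real run, capture the new NSG's OCID (e.g. --query 'data.id' --raw-output)
  # instead of the placeholders used here.
  add_db_nsg_rule "ocid1.networksecuritygroup.oc1.iad.APPEXAMPLE" "ocid1.networksecuritygroup.oc1.iad.DBEXAMPLE"
  # Put an existing VNIC into the NSG; this can also be done at instance launch with --nsg-ids.
  run oci network vnic update --vnic-id "ocid1.vnic.oc1.iad.EXAMPLE" \
    --nsg-ids '["ocid1.networksecuritygroup.oc1.iad.DBEXAMPLE"]'
}

main "$@"
```

Run it once with the default DRY_RUN=1 to review the generated rules, then with DRY_RUN=0 and real OCIDs. Deriving the source type from the OCID shape is what makes the NSG rule reference a group instead of a CIDR; if you pass a CIDR by mistake the rule silently becomes an address-based one, which is exactly the distinction between the two mechanisms described above.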