Basic Oracle Cloud Firewall Guide: Difference between revisions

From pisswiki
No edit summary
No edit summary
 
Line 49: Line 49:
It should look like this when done: https://i.imgur.com/oFjS0E1.png
It should look like this when done: https://i.imgur.com/oFjS0E1.png
   
   
If you installed the oracle distro
Further Firewall opening for Ubuntu Servers:
 
* sudo firewall-cmd  --zone=public  --permanent  --add-port=6667/tcp
 
* sudo firewall-cmd  --zone=public  --permanent  --add-port=6697/tcp
 
* sudo firewall-cmd  --zone=public  --permanent  --add-port=6900/tcp
 
* sudo firewall-cmd --reload
 
Further Firewall opening:
   
   
* Inside the SSH Prompt for Ubuntu servers:
* Inside the SSH Prompt:
   
   
* IP Tables Firewall unlocking (you may need to do this more than once, like after a server reboot)
* IP Tables Firewall unlocking (you may need to do this more than once, like after a server reboot)
Line 85: Line 75:
Do this:
Do this:
   
   
* iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
* sudo iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
   
   
'''If you installed the Oracle distro:'''
* sudo firewall-cmd  --zone=public  --permanent  --add-port=6667/tcp
* sudo firewall-cmd  --zone=public  --permanent  --add-port=6697/tcp
* sudo firewall-cmd  --zone=public  --permanent  --add-port=6900/tcp
* sudo firewall-cmd --reload
That SHOULD do it at least for IPv4.
That SHOULD do it at least for IPv4.

Latest revision as of 07:12, 23 February 2023

Oracle Cloud Firewall How To.

(Dumped here from the Pastebin in case it gets removed)

Inside the WebAdmin App:

  • Hamburger Menu > Pinned Links > Compute / Instances
  • Click on your instance name
  • Under Primary VINC
  • Click on the Subnet: link
  • Under Security Lists
  • Click on Default Security List for subnet name
  • Under Ingress Rules
  • Click Add Ingress Rules

For each Rule:

  • Source CIDR: 0.0.0.0/0
  • IP Protocol: TCP
  • Destination Port Range: 6667
  • Click "Add Ingress Rules"
  • and click Add Ingress Rules again...
  • Fill in the fields as before but for the following destination port ranges each time: 6697, 6900
  • Repeat the above but with ::/0 for Source CIDR for IPv6

It should look similar to this when done: https://i.imgur.com/SzPFQha.png

  • You may need to click under "Resources" in the sidebar and "Egress Rules"
  • and add two Egress Rules.
  • One for Destination CIDR: 0.0.0.0/0
  • And one for Destination CIDR: ::/0

It should look like this when done: https://i.imgur.com/oFjS0E1.png

Further Firewall opening for Ubuntu Servers:

  • Inside the SSH Prompt:
  • IP Tables Firewall unlocking (you may need to do this more than once, like after a server reboot)
  • sudo nano /etc/iptables/rules.v4
  • Remove these two lines
  • -A INPUT -j REJECT --reject-with icmp-host-prohibited
  • -A FORWARD -j REJECT --reject-with icmp-host-prohibited
  • Save.

Then:

  • sudo iptables -L INPUT
  • If this still shows:

REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Do this:

  • sudo iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited


If you installed the Oracle distro:

  • sudo firewall-cmd --zone=public --permanent --add-port=6667/tcp
  • sudo firewall-cmd --zone=public --permanent --add-port=6697/tcp
  • sudo firewall-cmd --zone=public --permanent --add-port=6900/tcp
  • sudo firewall-cmd --reload


That SHOULD do it at least for IPv4.