Revision as of 20:33, 11 April 2022
Oracle Cloud Firewall How To.
(Dumped here from the Pastebin in case it gets removed)
Inside the WebAdmin App:
- Hamburger Menu > Pinned Links > Compute / Instances
- Click on your instance name
- Under Primary VNIC
- Click on the Subnet: link
- Under Security Lists
- Click on Default Security List for subnet name
- Under Ingress Rules
- Click Add Ingress Rules
For each Rule:
- Source CIDR: 0.0.0.0/0
- IP Protocol: TCP
- Destination Port Range: 6667
- Click "Add Ingress Rules"
- and click Add Ingress Rules again...
- Fill in the fields as before but for the following destination port ranges each time: 6697, 6900
- Repeat the above but with ::/0 for Source CIDR for IPv6
It should look similar to this when done: https://i.imgur.com/SzPFQha.png
- You may need to click "Egress Rules" under "Resources" in the sidebar
- and add two Egress Rules:
- One for Destination CIDR: 0.0.0.0/0
- And one for Destination CIDR: ::/0
It should look like this when done: https://i.imgur.com/oFjS0E1.png
If you installed the Oracle distro:
- sudo firewall-cmd --zone=public --permanent --add-port=6667/tcp
- sudo firewall-cmd --zone=public --permanent --add-port=6697/tcp
- sudo firewall-cmd --zone=public --permanent --add-port=6900/tcp
- sudo firewall-cmd --reload
Further Firewall opening:
- Inside the SSH Prompt for Ubuntu servers:
- IP Tables Firewall unlocking (you may need to do this more than once, like after a server reboot)
- sudo nano /etc/iptables/rules.v4
- Remove these two lines
- -A INPUT -j REJECT --reject-with icmp-host-prohibited
- -A FORWARD -j REJECT --reject-with icmp-host-prohibited
- Save.
Then:
- sudo iptables -L INPUT
- If this still shows:
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Do this:
- sudo iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
That SHOULD do it at least for IPv4.
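An alternative for the Ubuntu step above, as an added example that is not part of the original how-to: when the INPUT policy is ACCEPT, deleting the catch-all REJECT leaves every port reachable through the host firewall, so this version keeps the REJECT and inserts ACCEPT rules for 6667, 6697 and 6900 above it. The rules text is a constructed sample, and `open_ports` and `port_allowed` are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Constructed sample of an /etc/iptables/rules.v4 filter table (not from the page).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

IRC_PORTS="6667 6697 6900"   # the ports the how-to opens

# Hypothetical helper: rules on stdin, rules on stdout with one ACCEPT per port
# inserted directly above the INPUT catch-all REJECT. Ports that already have an
# ACCEPT are skipped; input without that REJECT line passes through unchanged.
open_ports() {
  awk -v ports="$1" '
    { line[NR] = $0 }
    /^-A INPUT / && / -j ACCEPT$/ {
      for (f = 1; f < NF; f++) if ($f == "--dport") have[$(f + 1)] = 1
    }
    END {
      n = split(ports, want, " ")
      for (i = 1; i <= NR; i++) {
        if (line[i] ~ /^-A INPUT -j REJECT/)
          for (j = 1; j <= n; j++)
            if (!(want[j] in have))
              print "-A INPUT -p tcp -m state --state NEW -m tcp --dport " want[j] " -j ACCEPT"
        print line[i]
      }
    }'
}

# Hypothetical check: succeeds only if an ACCEPT for PORT sits above the REJECT.
port_allowed() {
  awk -v port="$1" '
    /^-A INPUT -j REJECT/ { exit }
    /^-A INPUT / && / -j ACCEPT$/ {
      for (f = 1; f < NF; f++) if ($f == "--dport" && $(f + 1) == port) ok = 1
    }
    END { exit !ok }'
}

printf '%s\n' "$SAMPLE_RULES" | open_ports "$IRC_PORTS"
```

To apply the result, write the output back to /etc/iptables/rules.v4 and load it with `sudo sh -c 'iptables-restore < /etc/iptables/rules.v4'`.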