Basic Oracle Cloud Firewall Guide: Difference between revisions

From pisswiki
(Created page with "Oracle Cloud Firewall How To. (Dumped here from the Pastebin in case it gets removed) Inside the WebAdmin App: Hamburger Menu > Pinned Links > Compute / Instances Click...")
 
No edit summary
Line 5: Line 5:
Inside the WebAdmin App:
Inside the WebAdmin App:
   
   
Hamburger Menu > Pinned Links > Compute / Instances
* Hamburger Menu > Pinned Links > Compute / Instances
   
   
Click on your instance name
* Click on your instance name
   
   
Under Primary VINC
* Under Primary VINC
   
   
Click on the Subnet: link
* Click on the Subnet: link
   
   
Under Security Lists
* Under Security Lists
   
   
Click on Default Security List for subnet name
* Click on Default Security List for subnet name
   
   
Under Ingress Rules
* Under Ingress Rules
   
   
Click Add Ingress Rules
* Click Add Ingress Rules
   
   
For each Rule:
For each Rule:
   
   
Source CIDR: 0.0.0.0/0
* Source CIDR: 0.0.0.0/0
   
   
IP Protocol: TCP
* IP Protocol: TCP
   
   
Destination Port Range: 6667
* Destination Port Range: 6667
   
   
Click "Add Ingress Rules"
* Click "Add Ingress Rules"
   
   
and click Add Ingress Rules again...
* and click Add Ingress Rules again...
   
   
Fill in the fields as before but for the following destination port ranges each time: 6697, 6900
* Fill in the fields as before but for the following destination port ranges each time: 6697, 6900
   
   
Repeat the above but with ::/0 for Source CIDR for IPv6
* Repeat the above but with ::/0 for Source CIDR for IPv6
   
   
It should look similar to this when done:
It should look similar to this when done: https://i.imgur.com/SzPFQha.png
   
   
https://i.imgur.com/SzPFQha.png
* You may need to click under "Resources" in the sidebar and "Egress Rules"
   
   
You may need to click under "Resources" in the sidebar and "Egress Rules"
* and add two Egress Rules.
   
   
and add two Egress Rules.
* One for Destination CIDR: 0.0.0.0/0
   
   
One for Destination CIDR: 0.0.0.0/0
* And one for Destination CIDR: ::/0
And one for Destination CIDR: ::/0
   
   
It should look like this when done: https://i.imgur.com/oFjS0E1.png
It should look like this when done: https://i.imgur.com/oFjS0E1.png
   
   
--- If you installed the oracle distro  
If you installed the oracle distro  
sudo firewall-cmd  --zone=public  --permanent  --add-port=6667/tcp
 
sudo firewall-cmd  --zone=public  --permanent  --add-port=6697/tcp
* sudo firewall-cmd  --zone=public  --permanent  --add-port=6667/tcp
sudo firewall-cmd  --zone=public  --permanent  --add-port=6900/tcp
 
sudo firewall-cmd --reload
* sudo firewall-cmd  --zone=public  --permanent  --add-port=6697/tcp
------
 
* sudo firewall-cmd  --zone=public  --permanent  --add-port=6900/tcp
 
* sudo firewall-cmd --reload
 
Further Firewall opening:
Further Firewall opening:
   
   
Inside the SSH Prompt for Ubuntu servers:
* Inside the SSH Prompt for Ubuntu servers:
   
   
IP Tables Firewall unlocking (you may need to do this more than once, like after a server reboot)
* IP Tables Firewall unlocking (you may need to do this more than once, like after a server reboot)
   
   
sudo nano /etc/iptables/rules.v4
* sudo nano /etc/iptables/rules.v4
   
   
Remove these two lines
* Remove these two lines
   
   
-A INPUT -j REJECT --reject-with icmp-host-prohibited  
* -A INPUT -j REJECT --reject-with icmp-host-prohibited  
-A FORWARD -j REJECT --reject-with icmp-host-prohibited  
 
* -A FORWARD -j REJECT --reject-with icmp-host-prohibited  
   
   
Save.
* Save.
   
   
Then:
Then:
   
   
sudo iptables -L INPUT
* sudo iptables -L INPUT
   
   
If this still shows:  
* If this still shows:  
   
   
REJECT    all  --  anywhere            anywhere            reject-with icmp-host-prohibited  
REJECT    all  --  anywhere            anywhere            reject-with icmp-host-prohibited  
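Review bot: the "Remove these two lines" step deletes `-A INPUT -j REJECT --reject-with icmp-host-prohibited` and the matching FORWARD rule. These are the only rules shown here that block traffic to ports other than 6667, 6697 and 6900, so removing them widens the host firewall far beyond what the guide needs. Suggest keeping both REJECT lines and adding ACCEPT rules for the three TCP ports above the INPUT REJECT line in /etc/iptables/rules.v4. The Ubuntu steps also touch only rules.v4, so the host's IPv6 rules are not covered even though the security list is opened for ::/0.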
Line 87: Line 85:
Do this:
Do this:
   
   
iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
* iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited
---
   
   
That SHOULD do it at least for IPv4.
That SHOULD do it at least for IPv4.
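Review bot: the `iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited` line has no `sudo`, unlike the `sudo iptables -L INPUT` step before it, so it fails when typed as a non-root SSH user. Suggest `sudo iptables -D INPUT ...`. The command changes the running ruleset only, so it would help to say that it does not survive a reboot unless /etc/iptables/rules.v4 was saved as described earlier. The closing "at least for IPv4" leaves the IPv6 host firewall unaddressed.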

Revision as of 20:33, 11 April 2022

Oracle Cloud Firewall How To.

(Dumped here from the Pastebin in case it gets removed)

Inside the WebAdmin App:

  • Hamburger Menu > Pinned Links > Compute / Instances
  • Click on your instance name
  • Under Primary VNIC
  • Click on the Subnet: link
  • Under Security Lists
  • Click on Default Security List for subnet name
  • Under Ingress Rules
  • Click Add Ingress Rules

For each Rule:

  • Source CIDR: 0.0.0.0/0
  • IP Protocol: TCP
  • Destination Port Range: 6667
  • Click "Add Ingress Rules"
  • and click Add Ingress Rules again...
  • Fill in the fields as before but for the following destination port ranges each time: 6697, 6900
  • Repeat the above but with ::/0 for Source CIDR for IPv6

It should look similar to this when done: https://i.imgur.com/SzPFQha.png

  • You may need to click under "Resources" in the sidebar and "Egress Rules"
  • and add two Egress Rules.
  • One for Destination CIDR: 0.0.0.0/0
  • And one for Destination CIDR: ::/0

It should look like this when done: https://i.imgur.com/oFjS0E1.png

If you installed the Oracle distro:

  • sudo firewall-cmd --zone=public --permanent --add-port=6667/tcp
  • sudo firewall-cmd --zone=public --permanent --add-port=6697/tcp
  • sudo firewall-cmd --zone=public --permanent --add-port=6900/tcp
  • sudo firewall-cmd --reload

Further Firewall opening:

  • Inside the SSH Prompt for Ubuntu servers:
  • IP Tables Firewall unlocking (you may need to do this more than once, like after a server reboot)
  • sudo nano /etc/iptables/rules.v4
  • Remove these two lines
  • -A INPUT -j REJECT --reject-with icmp-host-prohibited
  • -A FORWARD -j REJECT --reject-with icmp-host-prohibited
  • Save.

Then:

  • sudo iptables -L INPUT
  • If this still shows:

REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Do this:

  • sudo iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited

That SHOULD do it at least for IPv4.
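
A narrower alternative to removing the two REJECT lines on Ubuntu, as an added example that is not part of the original guide: keep the catch-all REJECT and insert ACCEPT rules for 6667, 6697 and 6900 directly above it. The sample ruleset and the function names are constructed for illustration, and a real /etc/iptables/rules.v4 will differ.

```sh
#!/bin/sh
# Added example (not from the original guide): open only the guide's ports
# while leaving the catch-all REJECT rules in place.
IRC_PORTS="6667 6697 6900"   # the three TCP ports this guide opens

# Constructed sample in iptables-save format; a real rules.v4 will differ.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Reads a ruleset on stdin and writes it to stdout with one ACCEPT rule per
# port inserted just above the first catch-all INPUT REJECT. Rules already
# present above that line are not duplicated, so re-running is safe.
allow_ports_before_reject() {
    awk -v ports="$IRC_PORTS" '
        function rule(port) {
            return "-A INPUT -p tcp -m tcp --dport " port " -j ACCEPT"
        }
        BEGIN { n = split(ports, p, " ") }
        # Note which of our rules have been seen so far.
        { for (i = 1; i <= n; i++) if ($0 == rule(p[i])) have[p[i]] = 1 }
        # Emit any missing rules before the REJECT line is printed.
        /^-A INPUT -j REJECT/ && !inserted {
            for (i = 1; i <= n; i++) if (!have[p[i]]) print rule(p[i])
            inserted = 1
        }
        { print }
    '
}

# Demo on the constructed sample: prints the rewritten ruleset.
sample_rules | allow_ports_before_reject
```

On a real host, write the output to a temporary file and review it before installing it as /etc/iptables/rules.v4 and loading it with `sudo iptables-restore < /etc/iptables/rules.v4`.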