Basic Oracle Cloud Firewall Guide

From pisswiki
Revision as of 20:31, 11 April 2022 by Roadkill

Oracle Cloud Firewall How To.

(Dumped here from the Pastebin in case it gets removed)

Inside the WebAdmin App:

Hamburger Menu > Pinned Links > Compute / Instances

Click on your instance name

Under Primary VNIC

Click on the Subnet: link

Under Security Lists

Click on Default Security List for subnet name

Under Ingress Rules

Click Add Ingress Rules

For each Rule:

Source CIDR: 0.0.0.0/0

IP Protocol: TCP

Destination Port Range: 6667

Click "Add Ingress Rules"

and click Add Ingress Rules again...

Fill in the fields as before but for the following destination port ranges each time: 6697, 6900

Repeat the above but with ::/0 for Source CIDR for IPv6

It should look similar to this when done:

https://i.imgur.com/SzPFQha.png

You may need to click "Egress Rules" under "Resources" in the sidebar and add two Egress Rules.

One for Destination CIDR: 0.0.0.0/0

And one for Destination CIDR: ::/0

It should look like this when done: https://i.imgur.com/oFjS0E1.png

---

If you installed the Oracle distro:

sudo firewall-cmd --zone=public --permanent --add-port=6667/tcp
sudo firewall-cmd --zone=public --permanent --add-port=6697/tcp
sudo firewall-cmd --zone=public --permanent --add-port=6900/tcp
sudo firewall-cmd --reload




Further Firewall opening:

Inside the SSH Prompt for Ubuntu servers:

IP Tables Firewall unlocking (you may need to do this more than once, like after a server reboot)

sudo nano /etc/iptables/rules.v4

Remove these two lines

-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

Save.

Then:

sudo iptables -L INPUT

If this still shows:

REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Do this:

sudo iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited

---

That SHOULD do it at least for IPv4.
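Deleting the catch-all REJECT rule leaves inbound filtering on the host to the chain's default policy and the Security List. An alternative that keeps the REJECT and places ACCEPT rules for this page's three ports ahead of it is shown here as an added example, not part of the original Pastebin; the function name add_irc_accepts and the sample ruleset are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide: keep the INPUT REJECT rule and
# put per-port ACCEPT rules ahead of it in an iptables-save style file.
IRC_PORTS="6667 6697 6900"   # the ports this page opens

# add_irc_accepts FILE: print the edited ruleset on stdout; FILE is not modified.
add_irc_accepts() {
    awk -v ports="$IRC_PORTS" '
        BEGIN { n = split(ports, port, " ") }
        # Pass 1: remember ports that already have an INPUT ACCEPT rule.
        NR == FNR {
            for (i = 1; i <= n; i++)
                if ($0 ~ ("^-A INPUT .*--dport " port[i] " .*-j ACCEPT"))
                    have[port[i]] = 1
            next
        }
        # Pass 2: emit the missing ACCEPTs just before the first INPUT REJECT.
        /^-A INPUT .*-j REJECT/ && !inserted {
            for (i = 1; i <= n; i++)
                if (!(port[i] in have))
                    print "-A INPUT -p tcp -m state --state NEW -m tcp --dport " port[i] " -j ACCEPT"
            inserted = 1
        }
        { print }
    ' "$1" "$1"
}

# Constructed sample in the layout of /etc/iptables/rules.v4 (not a real host's file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
add_irc_accepts "$sample"
rm -f "$sample"
```

Redirect the output to a new file and check it with sudo iptables-restore --test before replacing /etc/iptables/rules.v4. Running the function on a file that already has the ACCEPT rules leaves it unchanged.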