Basic Oracle Cloud Firewall Guide

From pisswiki
Jump to: navigation, search

Oracle Cloud Firewall How To.

(Dumped here from the Pastebin in case it gets removed)

Inside the WebAdmin App:

  • Hamburger Menu > Pinned Links > Compute / Instances
  • Click on your instance name
  • Under Primary VINC
  • Click on the Subnet: link
  • Under Security Lists
  • Click on Default Security List for subnet name
  • Under Ingress Rules
  • Click Add Ingress Rules

For each Rule:

  • Source CIDR: 0.0.0.0/0
  • IP Protocol: TCP
  • Destination Port Range: 6667
  • Click "Add Ingress Rules"
  • and click Add Ingress Rules again...
  • Fill in the fields as before but for the following destination port ranges each time: 6697, 6900
  • Repeat the above but with ::/0 for Source CIDR for IPv6

It should look similar to this when done: https://i.imgur.com/SzPFQha.png

  • You may need to click under "Resources" in the sidebar and "Egress Rules"
  • and add two Egress Rules.
  • One for Destination CIDR: 0.0.0.0/0
  • And one for Destination CIDR: ::/0

It should look like this when done: https://i.imgur.com/oFjS0E1.png

If you installed the oracle distro

  • sudo firewall-cmd --zone=public --permanent --add-port=6667/tcp
  • sudo firewall-cmd --zone=public --permanent --add-port=6697/tcp
  • sudo firewall-cmd --zone=public --permanent --add-port=6900/tcp
  • sudo firewall-cmd --reload

Further Firewall opening:

  • Inside the SSH Prompt for Ubuntu servers:
  • IP Tables Firewall unlocking (you may need to do this more than once, like after a server reboot)
  • sudo nano /etc/iptables/rules.v4
  • Remove these two lines
  • -A INPUT -j REJECT --reject-with icmp-host-prohibited
  • -A FORWARD -j REJECT --reject-with icmp-host-prohibited
  • Save.

Then:

  • sudo iptables -L INPUT
  • If this still shows:

REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Do this:

  • iptables -D INPUT -j REJECT --reject-with icmp-host-prohibited

That SHOULD do it at least for IPv4.