Oracle Cloud Infrastructure (OCI) : Amend Firewall Rules
This article shows how to amend the firewall rules for a virtual machine under Oracle Cloud Infrastructure (OCI).
This is a really simple example of allowing access to a service. It's not meant to be a recommendation or best practice.
The screens change a little with each quarterly release of Oracle Cloud. Even so, the screen shots in this article will give you a good idea of what is involved.
Related articles.
- Oracle Cloud Infrastructure (OCI) : Create a Compartment
- Oracle Cloud Infrastructure (OCI) : Create a Virtual Cloud Network (VCN)
- Oracle Cloud Infrastructure (OCI) : Create a Compute VM
- Cloud Articles
Assumptions
This article assumes you've already defined a compute VM under Oracle Cloud Infrastructure (OCI). You can see how to do that here.
VM Setup
It's important to remember the local firewall running in the VM. It's really easy to get confused, thinking that you are adjusting this when using the OCI network security features. You are not!
We need something to test, so in this example we will install and start the default Tomcat from the Yum repository. The following are run as the "root" user.
yum install -y tomcat tomcat-webapps tomcat-admin-webapps
systemctl enable tomcat
systemctl start tomcat
We also need to punch a hole in the local firewall running on the VM to allow traffic through to port 8080. Once again, these commands should run as the "root" user.
firewall-cmd --permanent --zone=public --add-port=8080/tcp
firewall-cmd --reload
Amend Security List
Navigate to the detail page for the virtual machine you are interested in. Click on the "Virtual Cloud Network" associated with the VM.
On the Virtual Cloud Network (VCN) detail page, click on the "Security Lists" link.
Click on the default security list, assuming you are using that list.
Click the "Add Ingress Rule" button.
Enter the details of the new rule and click the "Add Ingress Rules" button.
The new rule is added to the list.
You can now access Tomcat using the following URL, adjusted to match your public IP address.
http://123.123.123.123:8080/
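The two layers described above (the local firewall in the VM and the OCI security list) must both permit the port before the URL works. The following is an added example, not code from the original article, that evaluates both layers for a port and client address and flags rules open to 0.0.0.0/0. The function names and sample data are constructed; it assumes the JSON shape printed by the OCI CLI, CIDR sources only, and ports opened with --add-port rather than firewalld services.

```python
import ipaddress
import json

# Constructed sample in the shape of "ingress-security-rules" as printed by
# `oci network security-list get` (protocol "6" = TCP, "all" = any protocol).
SECURITY_LIST_JSON = """
[
  {"protocol": "6", "source": "0.0.0.0/0",
   "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
  {"protocol": "6", "source": "203.0.113.0/24",
   "tcp-options": {"destination-port-range": {"min": 8080, "max": 8080}}}
]
"""

# Constructed sample: output of `firewall-cmd --zone=public --list-ports`.
FIREWALLD_PORTS = "8080/tcp 9000-9010/tcp"


def firewalld_allows(list_ports_output, port, proto="tcp"):
    """True if the local firewall's opened-port list covers port/proto."""
    for entry in list_ports_output.split():
        ports, _, entry_proto = entry.partition("/")
        low, _, high = ports.partition("-")
        if entry_proto == proto and int(low) <= port <= int(high or low):
            return True
    return False


def security_list_sources(rules, port):
    """Source CIDRs of TCP ingress rules covering port (no range = all ports)."""
    sources = []
    for rule in rules:
        if rule["protocol"] not in ("6", "all"):
            continue
        rng = (rule.get("tcp-options") or {}).get("destination-port-range")
        if rng is None or rng["min"] <= port <= rng["max"]:
            sources.append(rule["source"])
    return sources


def check_port(port, client_ip):
    """Evaluate both layers for a TCP port and a client address."""
    sources = security_list_sources(json.loads(SECURITY_LIST_JSON), port)
    client = ipaddress.ip_address(client_ip)
    return {
        "local_firewall": firewalld_allows(FIREWALLD_PORTS, port),
        "security_list": any(client in ipaddress.ip_network(s) for s in sources),
        "open_to_internet": "0.0.0.0/0" in sources,
    }
```

A request reaches the service only when both local_firewall and security_list are true for that client.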
For more information see:
- Security Lists
Hope this helps. Regards Tim...