
Allow port in firewall - linux - OCI

By Gowthami | apps-dba.com | Oracle Cloud Infrastructure Series

When deploying Oracle Database or application servers on OCI Linux instances, opening the correct ports in both the OS firewall and OCI security lists is essential. This post covers how to allow ports through the Linux firewall (firewalld) and OCI network security rules.

What You Will Learn: How to open ports on OCI Linux instances using firewalld commands, and how to configure OCI Security Lists and Network Security Groups to allow inbound traffic.

Two Layers of Firewall on OCI

OCI Linux instances have two firewall layers that must both allow traffic:

  • OS-level firewall — firewalld (Oracle Linux / RHEL) or iptables
  • OCI network-level — Security Lists attached to subnets, or Network Security Groups (NSGs)

A common mistake is opening only one layer and wondering why connections still fail.

Step 1: Allow Port in Linux Firewall (firewalld)

Check if firewalld is running:

$ sudo systemctl status firewalld

Add a permanent rule to allow a specific port (example: TCP 1521 for Oracle listener):

$ sudo firewall-cmd --permanent --add-port=1521/tcp

Reload firewalld to apply the change:

$ sudo firewall-cmd --reload

Verify the port is allowed:

$ sudo firewall-cmd --list-ports
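The four commands above, wrapped into one idempotent helper. This is an added example, not code from the original post: it validates the PORT/PROTO argument, refuses to run when firewalld is not active, skips ports that are already open, and checks the runtime rule set after the reload instead of trusting the exit code of --add-port. It assumes Oracle Linux / RHEL with firewalld and sudo, and that the target port belongs to the default zone (add --zone=... to each firewall-cmd call otherwise).

```shell
#!/bin/sh
# Added example (not from the original post): idempotent firewalld port opener.
# Assumes firewalld and sudo on Oracle Linux / RHEL. firewall-cmd is only called
# from open_port, so the two helpers can be exercised without it.

# valid_port_spec PORT/PROTO -> 0 when PORT is 1..65535 and PROTO is tcp or udp
valid_port_spec() {
  case "$1" in
    */tcp|*/udp) ;;
    *) return 1 ;;
  esac
  _port=${1%/*}
  case "$_port" in
    ''|*[!0-9]*) return 1 ;;   # empty or contains a non-digit
  esac
  [ "$_port" -ge 1 ] && [ "$_port" -le 65535 ]
}

# port_in_list "LIST" PORT/PROTO -> 0 when the spec appears in LIST, the
# whitespace-separated output of `firewall-cmd --list-ports`
port_in_list() {
  for _p in $1; do
    [ "$_p" = "$2" ] && return 0
  done
  return 1
}

# open_port PORT/PROTO -> opens the port permanently and verifies it is active
open_port() {
  _spec="$1"
  if ! valid_port_spec "$_spec"; then
    echo "open_port: invalid spec '$_spec' (expected e.g. 1521/tcp)" >&2
    return 2
  fi
  if ! sudo firewall-cmd --state >/dev/null 2>&1; then
    echo "open_port: firewalld is not running (sudo systemctl enable --now firewalld)" >&2
    return 3
  fi
  if port_in_list "$(sudo firewall-cmd --list-ports)" "$_spec"; then
    echo "open_port: $_spec already open"
    return 0
  fi
  # --permanent only writes the saved configuration; the reload makes it the
  # runtime configuration, which is what actually filters packets.
  sudo firewall-cmd --permanent --add-port="$_spec" || return 4
  sudo firewall-cmd --reload || return 4
  if port_in_list "$(sudo firewall-cmd --list-ports)" "$_spec"; then
    echo "open_port: $_spec is now open"
  else
    echo "open_port: $_spec missing from runtime rules after reload" >&2
    return 5
  fi
}

# Usage: sh open_port.sh 1521/tcp   (with no argument the file only defines the functions)
if [ "$#" -gt 0 ]; then
  open_port "$1"
fi
```

The final check matters because --reload re-reads the permanent configuration: if the add was written to a different zone than the one the interface uses, --add-port succeeds but the port still does not appear in the active rules, and the helper reports that instead of silently returning success.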

Common Ports to Open for Oracle DBAs

Port   Protocol   Purpose
1521   TCP        Oracle SQL*Net listener
443    TCP        HTTPS / OCI Console
22     TCP        SSH access
8080   TCP        Oracle APEX / EM Express
5500   TCP        Oracle EM Express (19c+)
7001   TCP        WebLogic Admin Server

Step 2: Allow Port in OCI Security List

  1. Log in to OCI Console
  2. Navigate to Networking > Virtual Cloud Networks
  3. Select your VCN, then click on the relevant Subnet
  4. Click on the Security List attached to the subnet
  5. Click Add Ingress Rules
  6. Fill in:
    • Source CIDR: 0.0.0.0/0 (this admits every source on the Internet; restrict it to the client IPs or CIDR that actually need access)
    • IP Protocol: TCP
    • Destination Port Range: 1521
  7. Click Add Ingress Rules to save

Step 2 (Alternative): Allow Port via Network Security Group

If using NSGs instead of Security Lists:

  1. Navigate to Networking > Network Security Groups
  2. Select the NSG attached to your instance VNIC
  3. Click Add Rules and configure an ingress rule for the port
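The same ingress rule created from the command line instead of the console, covering both the Security List and the NSG variants above. This is an added example, not code from the original post or from Oracle. It assumes a configured `oci` CLI and uses placeholder OCIDs; the JSON shape follows the OCI API's ingress security rule models as I understand them (protocol "6" is TCP, camelCase keys), so confirm against `oci network nsg rules add --help` before relying on it.

```shell
#!/bin/sh
# Added example (not from the original post or Oracle): OCI ingress rule via the CLI.
# Assumes a configured `oci` CLI; OCIDs below are placeholders.

# tcp_ingress_rule_json CIDR PORT [with_direction]
# Prints one stateful TCP ingress rule for a single destination port. Pass any
# third argument to include "direction":"INGRESS", which NSG rules require and
# security list rules do not. Stateful (isStateless false) means reply packets
# are allowed automatically, so no matching egress rule is needed.
tcp_ingress_rule_json() {
  case "$2" in
    ''|*[!0-9]*) echo "tcp_ingress_rule_json: bad port '$2'" >&2; return 1 ;;
  esac
  _dir=""
  if [ -n "$3" ]; then
    _dir='"direction":"INGRESS",'
  fi
  printf '{%s"protocol":"6","source":"%s","sourceType":"CIDR_BLOCK","isStateless":false,"tcpOptions":{"destinationPortRange":{"min":%s,"max":%s}}}' \
    "$_dir" "$1" "$2" "$2"
}

# is_world_open CIDR -> 0 when the source is the entire IPv4 or IPv6 Internet
is_world_open() {
  case "$1" in
    0.0.0.0/0|::/0) return 0 ;;
    *) return 1 ;;
  esac
}

# nsg_add_tcp_ingress NSG_OCID CIDR PORT
# `oci network nsg rules add` appends to the NSG, so existing rules are kept.
nsg_add_tcp_ingress() {
  if is_world_open "$2"; then
    echo "warning: $2 exposes port $3 to every address on the Internet; use the clients' CIDR unless the service is meant to be public" >&2
  fi
  _rule=$(tcp_ingress_rule_json "$2" "$3" with_direction) || return 1
  oci network nsg rules add --nsg-id "$1" --security-rules "[$_rule]"
}

# Security lists differ: `oci network security-list update --ingress-security-rules`
# REPLACES the whole ingress rule set. Passing only the new rule would drop every
# existing rule, including the one that admits SSH, so for a security list fetch
# the current rules, append the output of tcp_ingress_rule_json (without the
# direction key) to that array, and submit the merged list, or use the console steps.

# Usage (placeholder OCID):
#   nsg_add_tcp_ingress ocid1.networksecuritygroup.oc1..PLACEHOLDER 10.0.1.0/24 1521
```

The warning in nsg_add_tcp_ingress is the CLI counterpart of the "restrict to specific IPs" advice in the console steps: a rule for 0.0.0.0/0 on 1521 makes the listener reachable from anywhere the instance has a public IP.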

Verify Connectivity

Test from a remote host using telnet or nc:

$ telnet <OCI_INSTANCE_PUBLIC_IP> 1521

# Or using netcat
$ nc -zv <OCI_INSTANCE_PUBLIC_IP> 1521

Troubleshooting

  • If the port is still blocked after both steps, check that the Oracle listener is actually running: lsnrctl status
  • Verify the instance's VNIC is in the correct subnet with the right security list
  • Use sudo firewall-cmd --list-all to see all active firewalld rules
  • Check OCI VCN flow logs, if enabled, for dropped packets
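A local triage helper for the "still blocked after both steps" case in the list above and the remote nc test before it. This is an added example, not code from the original post. It tells apart three causes that look identical from a remote `nc -zv`: nothing is listening, the listener is bound only to loopback (a common result of HOST=localhost in listener.ora), or firewalld has not opened the port; when all three pass, the remaining suspect is the OCI security list or NSG. It assumes iproute2 (`ss`) and firewalld on the instance, and the parsing works on captured text so it can be run offline against the constructed sample included.

```shell
#!/bin/sh
# Added example (not from the original post): local triage for a blocked port.
# Assumes `ss` (iproute2) and firewalld when run live; offline it uses SS_SAMPLE.

# tcp_bind_state "SS_OUTPUT" PORT
# SS_OUTPUT is `ss -ltnH` (listening TCP sockets, numeric, no header); column 4
# is local-address:port. Prints BOUND, LOOPBACK_ONLY or NOT_BOUND.
tcp_bind_state() {
  printf '%s\n' "$1" | awk -v p="$2" '
    {
      n = split($4, a, ":")
      if (a[n] != p) next
      found = 1
      host = substr($4, 1, length($4) - length(p) - 1)
      if (host != "127.0.0.1" && host != "[::1]") remote = 1
    }
    END { print (!found ? "NOT_BOUND" : (remote ? "BOUND" : "LOOPBACK_ONLY")) }'
}

# triage_port "SS_OUTPUT" "FIREWALLD_PORTS" PORT
# FIREWALLD_PORTS is the output of `firewall-cmd --list-ports`. Prints one of
# LISTENER_DOWN, LISTENER_LOOPBACK_ONLY, FIREWALL_CLOSED, LOCAL_OK.
triage_port() {
  _state=$(tcp_bind_state "$1" "$3")
  case "$_state" in
    NOT_BOUND)     echo "LISTENER_DOWN"; return 0 ;;
    LOOPBACK_ONLY) echo "LISTENER_LOOPBACK_ONLY"; return 0 ;;
  esac
  for _p in $2; do
    if [ "$_p" = "$3/tcp" ]; then
      echo "LOCAL_OK"
      return 0
    fi
  done
  # Caveat: ports opened with --add-service (ssh, https, ...) are shown by
  # --list-services, not --list-ports, so FIREWALL_CLOSED for 22 or 443 may just
  # mean "opened as a service"; check --list-all in that case.
  echo "FIREWALL_CLOSED"
}

# Constructed sample of `ss -ltnH` output (not captured from a real host):
# sshd on all addresses, EM Express bound to loopback only, listener on 1521.
SS_SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5500 0.0.0.0:*
LISTEN 0 128 *:1521 *:*'

# Live run on the instance: sh triage.sh 1521
triage_live() {
  triage_port "$(ss -ltnH)" "$(sudo firewall-cmd --list-ports)" "$1"
}

if [ "$#" -gt 0 ]; then
  triage_live "$1"
else
  # Offline demonstration against the constructed sample with only 1521/tcp open.
  for _port in 22 1521 5500 8080; do
    echo "$_port: $(triage_port "$SS_SAMPLE" "1521/tcp" "$_port")"
  done
fi
```

LOCAL_OK does not mean the port is reachable; it means the OS side is done and the next place to look is the security list or NSG on the VNIC's subnet, which is exactly where the VCN flow logs in the last bullet show the drop.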
