Saturday, November 5, 2022

Allow port in firewall - linux - OCI

=> Firewall commands should be run as the root user

=> Firewall commands differ between OS versions; check the OS version first so you use the right ones

[root@oci-instance-001 ~]# cat /etc/*release

Oracle Linux Server release 8.6


=> Check the firewall status 

[root@oci-instance-001 ~]# systemctl status firewalld

● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2022-11-06 04:27:23 GMT; 51s ago
     Docs: man:firewalld(1)
 Main PID: 1466 (firewalld)
    Tasks: 2 (limit: 3836)
   Memory: 25.2M
   CGroup: /system.slice/firewalld.service
           └─1466 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid
Nov 06 04:27:21 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Nov 06 04:27:23 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.


=> Check allowed ports in firewall

[root@oci-instance-001 ~]# firewall-cmd --list-all

public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="192.168.0.0" accept
        rule family="ipv4" source address="192.168.0.0/16" port port="8000" protocol="tcp" accept

[root@oci-instance-001 ~]#


=> Add the required port (8080, as used by Apache Tomcat, for example)

[root@oci-instance-001 ~]# firewall-cmd --add-port=8080/tcp --permanent

success

[root@oci-instance-001 ~]#


=> Restart the firewall and verify the newly added port

The --permanent flag only writes the saved configuration, so the running rule set does not change until firewalld reloads it. Restarting the firewalld service may hang and cause a server outage; if that happens the server has to be rebooted, so stop all applications running on the server before restarting the firewall.


[root@oci-instance-001 ~]# systemctl restart firewalld

[root@oci-instance-001 ~]# firewall-cmd --list-all

public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports: 8080/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="192.168.0.0" accept
        rule family="ipv4" source address="192.168.0.0/16" port port="8000" protocol="tcp" accept

[root@oci-instance-001 ~]#
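The steps above, written as a reusable script. This is an added example, not from the original post: it parses the output of firewall-cmd --list-all (a constructed copy of the "before" output shown above), only adds the port if it is not already open, and can restrict the new port to a source range with a rich rule of the same form as the existing 8000/tcp rule. The FIREWALL_CMD variable is an assumed override so the functions can be exercised with a stand-in instead of the real firewall-cmd binary; the open_port function name is also an assumption.

```shell
#!/bin/sh
# Added example (not the original post's code). Parses `firewall-cmd --list-all`
# output and issues only the firewall-cmd calls that are actually needed.
# FIREWALL_CMD is an assumed override (defaults to the real binary) so the
# logic can be run with a stand-in command.

fw() { "${FIREWALL_CMD:-firewall-cmd}" "$@"; }

# Constructed sample: the "before" state captured on the Oracle Linux 8.6 host above.
SAMPLE_BEFORE='public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="192.168.0.0" accept
        rule family="ipv4" source address="192.168.0.0/16" port port="8000" protocol="tcp" accept'

# port_listed LISTALL_OUTPUT PORT/PROTO -> exit 0 if the port is on the "ports:" line
port_listed() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^  ports:/ { for (i = 2; i <= NF; i++) if ($i == want) found = 1 }
        END { exit found ? 0 : 1 }'
}

# rich_rule_listed LISTALL_OUTPUT PORT PROTO SOURCE -> exit 0 if a matching
# "source address=... port port=... accept" rich rule already exists
rich_rule_listed() {
    rule="rule family=\"ipv4\" source address=\"$4\" port port=\"$2\" protocol=\"$3\" accept"
    printf '%s\n' "$1" | sed 's/^[[:space:]]*//' | grep -Fqx "$rule"
}

# open_port PORT PROTO [SOURCE_CIDR]
# Without a source CIDR the port is opened to everyone (as --add-port does above).
# With one, a rich rule limits the port to that range, which is the least-privilege
# form already used for 8000/tcp in the listing.
open_port() {
    port="$1"; proto="$2"; src="${3:-}"
    current=$(fw --list-all)
    if [ -n "$src" ]; then
        if rich_rule_listed "$current" "$port" "$proto" "$src"; then
            echo "already allowed: $port/$proto from $src"; return 0
        fi
        fw --permanent --add-rich-rule="rule family=\"ipv4\" source address=\"$src\" port port=\"$port\" protocol=\"$proto\" accept"
    else
        if port_listed "$current" "$port/$proto"; then
            echo "already allowed: $port/$proto"; return 0
        fi
        fw --permanent --add-port="$port/$proto"
    fi
    # --reload applies the saved (permanent) configuration to the running rule
    # set without restarting the firewalld service.
    fw --reload
}

# Stand-alone use, as root: ./open_port.sh 8080 tcp [192.168.0.0/16]
if [ $# -ge 2 ]; then
    open_port "$@"
fi
```

Two points for OCI hosts: firewall-cmd --reload applies the permanent configuration without the service restart that the post warns can hang, and the instance firewall is only one of two layers, since the VCN security list or network security group attached to the instance's VNIC must also permit ingress on the port before outside clients can reach it.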
