Created
April 11, 2023 09:25
-
-
Save mahata/856b769952bf3f0a3d70abe7ae16a217 to your computer and use it in GitHub Desktop.
iptables conf file for Oracle Cloud
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # CLOUD_IMG: This file was created/modified by the Cloud Image build process | |
| # iptables configuration for Oracle Cloud Infrastructure | |
| # See the Oracle-Provided Images section in the Oracle Cloud Infrastructure | |
| # documentation for security impact of modifying or removing these rule | |
| *filter | |
| :INPUT ACCEPT [0:0] | |
| :FORWARD ACCEPT [0:0] | |
| :OUTPUT ACCEPT [463:49013] | |
| :InstanceServices - [0:0] | |
| -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT | |
| -A INPUT -p icmp -j ACCEPT | |
| -A INPUT -i lo -j ACCEPT | |
| -A INPUT -p udp --sport 123 -j ACCEPT | |
| -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT | |
| -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT | |
| -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT | |
| -A INPUT -p tcp -m state --state NEW -m tcp --dport 6443 -j ACCEPT | |
| -A INPUT -p tcp -m state --state NEW -m tcp --dport 2379 -j ACCEPT | |
| -A INPUT -p tcp -m state --state NEW -m tcp --dport 2380 -j ACCEPT | |
| -A INPUT -p tcp -m state --state NEW -m tcp --dport 10250 -j ACCEPT | |
| -A INPUT -p tcp -m state --state NEW -m tcp --dport 10251 -j ACCEPT | |
| -A INPUT -p tcp -m state --state NEW -m tcp --dport 10252 -j ACCEPT | |
| -A INPUT -p tcp -m state --state NEW -m tcp --dport 6443 -j ACCEPT | |
| -A INPUT -p tcp -m state --state NEW -m tcp --match multiport --dports 30000:32767 -j ACCEPT | |
| -A OUTPUT -d 169.254.0.0/16 -j InstanceServices | |
| -A InstanceServices -d 169.254.0.2/32 -p tcp -m owner --uid-owner 0 -m tcp --dport 3260 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.2.0/24 -p tcp -m owner --uid-owner 0 -m tcp --dport 3260 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.4.0/24 -p tcp -m owner --uid-owner 0 -m tcp --dport 3260 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.5.0/24 -p tcp -m owner --uid-owner 0 -m tcp --dport 3260 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.0.2/32 -p tcp -m tcp --dport 80 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.169.254/32 -p udp -m udp --dport 53 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.169.254/32 -p tcp -m tcp --dport 53 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.0.3/32 -p tcp -m owner --uid-owner 0 -m tcp --dport 80 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.0.4/32 -p tcp -m tcp --dport 80 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.169.254/32 -p udp -m udp --dport 67 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.169.254/32 -p udp -m udp --dport 69 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.169.254/32 -p udp --dport 123 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.0.0/16 -p tcp -m tcp -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j REJECT --reject-with tcp-reset | |
| -A InstanceServices -d 169.254.0.0/16 -p udp -m udp -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j REJECT --reject-with icmp-port-unreachable | |
| COMMIT |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment