Last active
July 23, 2025 05:02
-
-
Save mmdriley/c0cd2a6726dcd660b77b6d1b8f5df830 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # CLOUD_IMG: This file was created/modified by the Cloud Image build process | |
| # iptables configuration for Oracle Cloud Infrastructure | |
| # See the Oracle-Provided Images section in the Oracle Cloud Infrastructure | |
| # documentation for security impact of modifying or removing these rule | |
| *filter | |
| :INPUT ACCEPT [0:0] | |
| :FORWARD ACCEPT [0:0] | |
| :OUTPUT ACCEPT [463:49013] | |
| :InstanceServices - [0:0] | |
| -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT | |
| -A INPUT -p icmp -j ACCEPT | |
| -A INPUT -i lo -j ACCEPT | |
| -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT | |
| -A INPUT -j REJECT --reject-with icmp-host-prohibited | |
| -A FORWARD -j REJECT --reject-with icmp-host-prohibited | |
| -A OUTPUT -d 169.254.0.0/16 -j InstanceServices | |
| -A InstanceServices -d 169.254.0.2/32 -p tcp -m owner --uid-owner 0 -m tcp --dport 3260 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.2.0/24 -p tcp -m owner --uid-owner 0 -m tcp --dport 3260 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.4.0/24 -p tcp -m owner --uid-owner 0 -m tcp --dport 3260 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.5.0/24 -p tcp -m owner --uid-owner 0 -m tcp --dport 3260 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.0.2/32 -p tcp -m tcp --dport 80 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.169.254/32 -p udp -m udp --dport 53 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.169.254/32 -p tcp -m tcp --dport 53 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.0.3/32 -p tcp -m owner --uid-owner 0 -m tcp --dport 80 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.0.4/32 -p tcp -m tcp --dport 80 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.169.254/32 -p udp -m udp --dport 67 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.169.254/32 -p udp -m udp --dport 69 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.169.254/32 -p udp --dport 123 -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j ACCEPT | |
| -A InstanceServices -d 169.254.0.0/16 -p tcp -m tcp -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j REJECT --reject-with tcp-reset | |
| -A InstanceServices -d 169.254.0.0/16 -p udp -m udp -m comment --comment "See the Oracle-Provided Images section in the Oracle Cloud Infrastructure documentation for security impact of modifying or removing this rule" -j REJECT --reject-with icmp-port-unreachable | |
| COMMIT |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # CLOUD_IMG: This file was created/modified by the Cloud Image build process | |
| # iptables configuration for Oracle Cloud Infrastructure | |
| *filter | |
| :INPUT ACCEPT [0:0] | |
| :FORWARD ACCEPT [0:0] | |
| :OUTPUT ACCEPT [0:0] | |
| COMMIT |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ubuntu@instance20250723044503:~$ sudo service netfilter-persistent status | cat | |
| ● netfilter-persistent.service - netfilter persistent configuration | |
| Loaded: loaded (/usr/lib/systemd/system/netfilter-persistent.service; enabled; preset: enabled) | |
| Drop-In: /usr/lib/systemd/system/netfilter-persistent.service.d | |
| └─iptables.conf | |
| Active: active (exited) since Wed 2025-07-23 04:46:01 UTC; 15min ago | |
| Docs: man:netfilter-persistent(8) | |
| Main PID: 659 (code=exited, status=0/SUCCESS) | |
| CPU: 45ms | |
| Jul 23 04:46:01 ubuntu systemd[1]: Starting netfilter-persistent.service - netfilter persistent configuration... | |
| Jul 23 04:46:01 ubuntu netfilter-persistent[663]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start | |
| Jul 23 04:46:01 ubuntu netfilter-persistent[663]: run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start | |
| Jul 23 04:46:01 ubuntu systemd[1]: Finished netfilter-persistent.service - netfilter persistent configuration. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment