The Oracle Always Free plan is an excellent option, but I found myself struggling with their firewall settings while attempting to run an Nginx web server. Despite enabling port 80 in both the network security groups and security lists, it was still being blocked for unknown reasons.
First, I checked the ufw settings, and it was definitely disabled. However, when I looked at the iptables rules by executing sudo iptables -L, I was surprised by the many existing rules there.
```
...
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1150:1850710]
:InstanceServices - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --sport 123 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
...
```
Well, I know that must be a security measure to protect your cloud services, but let's say that we have the correct settings in the network security groups and security lists; then it may be reasonable to shut down the operating system's firewall. Thus, I decided to disable ufw and these iptables rules permanently.
To disable ufw, execute the following command.
```
sudo ufw disable
```
To remove the above iptables rules in Ubuntu, replace the content of /etc/iptables/rules.v4 with the following text.
```
# Generated by iptables-save v1.8.7 on Fri Mar 31 15:15:21 2023
*filter
:INPUT ACCEPT [86:13330]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [81:57555]
:InstanceServices - [0:0]
COMMIT
# Completed on Fri Mar 31 15:15:21 2023
```
Then replace the content of /etc/iptables/rules.v6 with the following text.
```
# Generated by ip6tables-save v1.8.7 on Fri Mar 31 15:15:31 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [13:788]
COMMIT
# Completed on Fri Mar 31 15:15:31 2023
```
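Why port 80 stayed blocked: iptables evaluates a chain top to bottom and the first matching rule decides, so the final REJECT in INPUT catches everything not accepted above it. The added example below (not from the original post) replays that logic over the two IPv4 rulesets shown; the function name `verdict` and the interface name `ens3` are assumptions for illustration, and only the match options that appear in these rules are modelled.

```python
# Rulesets copied from the post ("..." lines omitted); everything else is constructed.
ORIGINAL = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1150:1850710]
:InstanceServices - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --sport 123 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
"""
EMPTIED = """\
*filter
:INPUT ACCEPT [86:13330]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [81:57555]
:InstanceServices - [0:0]
COMMIT
"""

def verdict(rules, dport, chain="INPUT", iface="ens3"):
    """Return (target, deciding rule) for a NEW inbound TCP connection to dport."""
    # iface is an assumed NIC name; any value other than "lo" behaves the same here.
    pkt = {"-p": "tcp", "--state": "NEW", "--dport": str(dport), "-i": iface}
    policy = None
    for line in rules.splitlines():
        tok = line.split()
        if tok and tok[0] == f":{chain}":
            policy = tok[1]                      # default when no rule matches
        if tok[:2] != ["-A", chain]:
            continue
        opts = dict(zip(tok[2::2], tok[3::2]))   # each option here takes one value
        target = opts.pop("-j")
        opts.pop("-m", None)                     # module loads carry no condition
        opts.pop("--reject-with", None)          # modifies the target, not the match
        if all(pkt.get(k) in v.split(",") for k, v in opts.items()):
            return target, line                  # first matching rule wins
    return policy, "chain policy"

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("emptied", EMPTIED)):
        for port in (22, 80):
            print(name, port, *verdict(rules, port))
```

With the original rules, port 22 is accepted by its own rule while port 80 falls through to the catch-all REJECT; with the emptied file, nothing matches and the chain policy ACCEPT applies to every port.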
Thank you, that was very helpful.