I need some help understanding how firewalls are supposed to work in OCI.
My setup: multiple instances on the same subnet. When I go into an instance → networking → select subnet → security → Default Security List for the VCN → Security rules, the changes I make don’t seem to behave as expected.
Example: on one instance I tried opening specific ports, but they still didn’t respond. I even tried allowing all inbound traffic, but connections still failed. On the OS level I disabled ufw and flushed iptables to rule out host-side blocking, but no luck.
What I’m trying to achieve:
- Be able to manage each server’s firewall separately, since they will run different services and ports.
- Avoid one instance’s firewall rules affecting the others.
Questions:
- Are Security List rules applied at the subnet level for all instances?
- Is there a way to apply firewall rules per instance instead of per subnet?
- What’s the best practice if I want each server to have its own firewall management, independent from the others?
Appreciate any clarification.
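The per-instance mechanism the question is asking about, shown as an added example (not the poster's configuration): an OCI Network Security Group attached to an instance's VNIC, so its rules apply only to the instances that reference it rather than to the whole subnet. It assumes Terraform with the `oci` provider and an existing VCN and subnet; all OCIDs and the image are placeholder variables.

```hcl
# Added example, not from the original post. Every OCID is a placeholder
# supplied through variables; replace them with your own tenancy's values.
variable "compartment_id" {}
variable "vcn_id" {}
variable "subnet_id" {}
variable "availability_domain" {}
variable "image_id" {}

# An NSG is scoped to the VNICs that reference it. A security list, by
# contrast, is attached to the subnet and applies to every VNIC in it.
# Create one NSG per server role (nsg-web here, e.g. nsg-db for another).
resource "oci_core_network_security_group" "web" {
  compartment_id = var.compartment_id
  vcn_id         = var.vcn_id
  display_name   = "nsg-web"
}

# Inbound HTTPS from anywhere, but only for members of nsg-web.
resource "oci_core_network_security_group_security_rule" "web_https" {
  network_security_group_id = oci_core_network_security_group.web.id
  direction                 = "INGRESS"
  protocol                  = "6" # TCP
  source_type               = "CIDR_BLOCK"
  source                    = "0.0.0.0/0"
  tcp_options {
    destination_port_range {
      min = 443
      max = 443
    }
  }
}

# The instance sits in the shared subnet but receives only the web rules
# through nsg_ids on its primary VNIC. Other instances in the same subnet
# reference their own NSGs and are unaffected by this one.
resource "oci_core_instance" "web" {
  availability_domain = var.availability_domain
  compartment_id      = var.compartment_id
  shape               = "VM.Standard.E2.1.Micro"
  source_details {
    source_type = "image"
    source_id   = var.image_id
  }
  create_vnic_details {
    subnet_id = var.subnet_id
    nsg_ids   = [oci_core_network_security_group.web.id]
  }
}
```

Traffic is permitted if either the subnet's security list or an attached NSG allows it, so the Default Security List still applies to these instances; keeping it minimal and putting service-specific rules in per-role NSGs is what gives each server independent firewall management.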