Oracle MiniCluster S7-2 Security Guide

Verify Firewall Rules

All compute environments, including the global zones, kernel zones, and Oracle Solaris 11.4 non-global zones are automatically configured with firewalls. Use this CLI procedure to verify the compute nodes in the global zone. The global zones, kernel zones, and VMs can each have their own set of rules.

To verify the firewalls in use, perform these steps.

1. Log into the global zone on node 1 as mcinstall, and assume the root role.

   For Oracle ILOM login instructions, refer to Accessing Oracle ILOM in Oracle MiniCluster S7-2 Administration Guide.

   % ssh mcinstall@mc4-n1
   Password: ***************
   Last login: Tue Jun 28 10:47:38 2016 on rad/59
   Oracle Corporation      SunOS 5.11      11.3    June 2016
   Minicluster Setup successfully configured
   Unauthorized modification of this system configuration strictly prohibited
   mcinstall@mc4-n1:/var/home/mcinstall % su root
   Password: ***************
   #
   

2. Check the firewall configuration.

   Review one of the following files based on the version of the Oracle Solaris OS:

   • Oracle Solaris 11.4 – /etc/firewall/pf.conf

   • Oracle Solaris 11.3 – /etc/ipf/ipf.conf

3. Verify that the firewall services are online.

   Use one of the following commands based on the version of the Oracle Solaris OS:

   • Oracle Solaris 11.4 – pfctl -sr -v

   • Oracle Solaris 11.3 – ipfstat -v or svcs | grep svc:/network/ipfilter:default

4. Ensure that your databases and applications are accessible without changing the firewall rules.