Open the following ports as needed on the DB system:

• 6200 - For Oracle Notification Service (ONS).
• 1158 - For Enterprise Manager Cloud Control. 1158 is the default port, but each additional console enabled on the DB system will have a different port. For more information, see Monitor Using Oracle Enterprise Manager.

For important information about critical firewall rules, see essential firewall rules in Security Rules for the DB System.

Procedure

1. SSH to the DB System.

   ssh -i <private_key_path> opc@<db_system_ip_address>

2. Log in as opc and then sudo to the root user.

   login as: opc
   sudo su -

3. Save a copy of iptables as a backup.

   iptables-save > /tmp/iptables.orig

   (If necessary, you can restore the original file by using the command iptables-restore < /tmp/iptables.orig.)

4. Dynamically add a rule to iptables to allow inbound traffic on the console port, as shown in the following sample. Change the port number  and comment as needed.

   iptables -I INPUT 8 -p tcp -m state --state NEW -m tcp --dport 1158 -j ACCEPT -m comment 
       --comment "Required for Enterprise Manager Database Control."

5. Make sure the rule was added.

   service iptables status

6. Save the updated file to /etc/sysconfig/iptables.

   /sbin/service iptables save

   The change takes effect immediately and will remain in effect when the node is rebooted.

7. Update the DB system's security list as described in Update the Security List for the DB System.