Comment 8 for bug 1834974

Richard Harding (rharding) wrote :

open-port doesn't change any firewall rules. It lists in the model that if an application is exposed those ports will be opened as instructed. However, it doesn't open them as not all uses of an application are for exposed/public use.

expose then looks at the list of ports that are defined to be opened and adjusts the firewall rules.

It appears that's not working appropriately in this case.

Juju manages the firewall at the cloud API level and doesn't manage machine-based software like iptables. Looking at the provider code:

https://github.com/juju/juju/blob/develop/provider/oci/firewall.go

It looks like the firewall is not implemented.

There is support around security lists though in the networking code. Looking at the docs, we should be using https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/securitylists.htm but we'd not expect a firewall to show any updates on the host machine.

Thanks for the added info.