Machines security / firewall rules

Hi, I am working on Juju topics to be presented to my colleagues. One important topic is security. I know that Ubuntu images have (for example) unattended upgrades enabled for security patches. That’s nice.

How about automatic firewall rules? I was under the impression that iptables rules are automatically applied for each machine/application upon deployment. But in my lab environment (LXD cluster) I can’t see any rules on the deployed machines or on the controller.

Is it possible to manage iptables automatically using Juju/charms, and expose just the ports needed for application functionality (Prometheus port 9090…) and machine access (ssh)?

I can see that there are options in the juju CLI:

juju list-firewall-rules
juju set-firewall-rule

But I am not sure how exactly it works, especially across different clouds.

I didn’t find anything in the docs (I probably missed something). Could you please explain to me how (if at all) this functionality is implemented and limited?

Thanks in advance for your explanation/help.

Lumir