Configuring the Firewall

For details about how to enable firewall ports in different operating systems, see the following steps:

If the firewall is improperly configured, system communication exceptions may occur.

  1. Log in to the server as user root.
  2. Run the iptables -I INPUT 1 -s IP address/submask -p tcp -j ACCEPT command to configure the IP address whitelist of the firewall.

    • After the firewall is enabled, only the IP addresses in the whitelist can be used to communicate with the UltraVR Server. Therefore, to ensure the normal communication between a device and the UltraVR Server, add the IP address of the device to the whitelist. For example, if you connect to the UltraVR Server on a local device in a remote manner, add the IP address of the device to the whitelist. In addition, when you add a resource to UltraVR, add the IP address of the resource device to the whitelist.
    • To ensure the normal connection between the UltraVR Server and other devices, run the iptables -I INPUT 1 command to set the firewall rule of the UltraVR Server to be the first rule.
    • If you have accessed a remote operating system, perform Step 2 to add the local IP address to the IP whitelist. Otherwise, the remote connection will be automatically disconnected immediately after the firewall is enabled.

    Parameter description:

    • -s: indicates that one IP address or IP address segment is to be specified. If an IP address is to be specified, -s is followed by the IP address. If an IP address segment is to be specified, -s is followed by information at the IP address/submask format.
    • -p: indicates the protocol type to be specified and is optional. This part uses TCP as an example.
    • -j: followed by ACCEPT and indicates that the access request is accepted.

  3. Run the iptables -A INPUT -i lo -j ACCEPT command to set network loopback rules to allow communication between servers.
  4. Run the iptables -P INPUT DROP command to set the policy for inflow of data packets to DROP. In this way, only the IP address or IP address segment set in Step 2 can access the current operating system.
  5. Run the iptables -save > /etc/sysconfig/iptables command to save the configurations.
  6. Run the vi /etc/rc.d/rc.local command and press Insert to add the following command to the startup script.

    iptables-restore < /etc/sysconfig/iptables

  7. Press Esc, and run the :wq! command to save the change and exit.

    After the firewall is enabled, restart the UltraVR Server service by performing the following steps:

    1. Run cd /opt/UltraVR/Runtime/bin command to enter the script save path.
    2. Run the sh shutdownSystem.sh command.
    3. Type y and press Enter to disable the UltraVR Server service.
    4. Run the sh startSystem.sh command to restart the UltraVR Server service.
    • If the firewall rule changes, run the iptables-save > /etc/sysconfig/iptables command to save the updated firewall rule. Otherwise, the firewall rule will be restored to the previously saved one after the operating system is rebooted.
    • To disable the firewall, perform the following:
    • Run the iptables -P INPUT ACCEPT command.
    1. Run the iptables -D INPUT 1 command repeatedly until all firewall rules are deleted.
    2. Run the iptables -save > /etc/sysconfig/iptables command to save the configurations.

Parent topic: Common Operations
Copyright © Huawei Technologies Co., Ltd.