Configuring a Firewall

Configuration Mode

• Configure a hardware firewall.

  If a hardware firewall exists, contact O&M personnel to configure it to allow access to the IP addresses of HiLens Kit devices.

• Configure a software firewall.

  If no hardware firewall is deployed, configure a software firewall. For details, see Configuring a Software Firewall.

Configuring a Software Firewall

1. Connect your HiLens Kit device to your PC using a network cable and log in to the device in SSH mode. For detailed operations, see Connecting a HiLens Kit Device to a PC.
2. Run the following command on PuTTY:

   iptables -I INPUT -p tcp --dport 443 -j DROP

   Disable all users to access the HiLens Kit intelligent edge system through port 443.

3. Configure the IP addresses that are allowed to access the HiLens Kit intelligent edge system through port 443 as required.
   • Run the following command on PuTTY to configure the IP address of a HiLens Kit device to access the HiLens Kit intelligent edge system (assume that the device IP address is 192.168.2.111):

     iptables -I INPUT -s 192.168.2.111 -p tcp --dport 443 -j ACCEPT

   • Run the following command on PuTTY to configure one IP address to access the HiLens Kit intelligent edge system (assume that the allowed IP address is 10.61.120.127):

     iptables -I INPUT -s 10.61.120.127 -p tcp --dport 443 -j ACCEPT

   • Run the following command on PuTTY to configure a network segment to access the HiLens Kit intelligent edge system (assume that the network segment is 10.61.120.*, where * is an integer from 0 to 255):

     iptables -I INPUT -s 10.61.120.0/24 -p tcp --dport 443 -j ACCEPT

4. Go to the /home/data/user directory on PuTTY and write the configuration commands in step 2 and step 3 to the user_init.sh file to prevent the configurations in step 2 and step 3 from becoming invalid after the HiLens Kit device is restarted.

   If the user_init.sh file does not exist in the /home/data/user directory, create one.