Enabling the Firewall Port

During installation, the Kunpeng DevKit checks whether the required port is enabled and helps enable the port through the interactive user interface. If you choose not to enable the required port, the tool service cannot be used. To manually enable a port, perform the following operations:

If the firewall of the server OS is enabled, perform the following operations to enable the firewall port of the server OS. (If the firewall of the server OS is disabled, skip this step.)

In the following commands, 8086 is the HTTPS port number set in 6. Replace it with the actual port number.
If you have configured the hardware firewall, contact the network administrator to configure the hardware firewall and enable the ports that will be accessed.

CentOS/EulerOS/openEuler/RHEL 7.x/NeoKylin/Kylin/BC-Linux/iSoft/SUSE

Check whether the firewall is enabled.
1
systemctl status firewalld
If the firewall status is inactive, the firewall is not enabled. Skip the following steps in this case.
Check whether the port is enabled.
1
firewall-cmd --query-port=8086/tcp
If "no" is displayed, the port is not enabled.
Enable the port permanently.
1
firewall-cmd --add-port=8086/tcp --permanent
If "success" is displayed, the port is enabled successfully.
Reload the configuration.
1
firewall-cmd --reload
Check whether the port is enabled.
1
firewall-cmd --query-port=8086/tcp
If "yes" is displayed, the port is enabled.
- To remove a port, run the following command:
  1
  firewall-cmd --permanent --remove-port=8086/tcp
  
  If "success" is displayed, the port is successfully removed.
  
  After the port is removed, run the following command to reload the configuration:
  
  1
  firewall-cmd --reload
- If firewalld is not available in the SUSE OS, install firewalld and then run the firewalld commands in the preceding steps.

Debian/Ubuntu/Deepin/Linx/UOS

If UFW is installed, perform the following steps:
1. Check the firewall and port status.
  1
  ufw status
  If the firewall status is inactive, the firewall is not enabled. Skip the following steps in this case.
2. Enable the port.
  1
  ufw allow 8086/tcp
3. Check whether the port is enabled.
  1
  ufw status
  If the value of Action is ALLOW, the port is enabled.
  - To remove a port, run the following command:
    1
    ufw delete allow 8086/tcp
  - When both UFW and firewalld are enabled in the system, run the firewalld command to check the port status. If the command output shows that the port is disabled, the tool cannot automatically enable the port. (If the tool automatically runs the firewalld command to enable the port, UFW will be disabled). You need to enable the port manually. You can disable UFW or firewalld. Then run the command to enable the port.
If UFW is not installed and iptables provided by the OS is used, perform the following steps:
1. Check whether the port is disabled.
  1
  iptables -L -n | grep 8086
  - If no command output is displayed, the port is not disabled. Skip the following steps.
  - If a command output is displayed, the port is disabled. Go to 2.
2. If the port is disabled, run the following command to enable it:
```
iptables -D INPUT -p tcp --dport 8086 -j DROP
```
  INPUT indicates the action initiated by an external server and DROP indicates the restriction rule. Replace them as the actual ones.

Parent topic: Common Operations