How Can I Block Incoming Connections to My Linux Real Time Target?

Updated Jan 24, 2020

Reported In

Operating System

  • LabVIEW Real-Time (NI Linux Real-Time)

Issue Details

I would like to block all incoming connections to my cRIO for security purposes. Is that possible?
 

Solution

You could use iptables, a standard command-line firewall utility for Linux OS. Follow the instructions, below.
  1. Connect a display and a keyboard to the Linux Real Time target.
  2. Turn on the Linux Real Time target.
  3. Enter the login ID and password when asked on the Linux Shell. 
  4. Enter the following command to block all incoming accesses: iptables --policy INPUT DROP
  5. Enter the following line to save the firewall settings: iptables-save


To allow incoming connections, enter the following line: iptables --policy INPUT ACCESS

Additional Information

It is also possible to block some specific ports, using the following commands (e.g. to block all incoming connections on port 80):

iptables -A INPUT -p tcp --destination-port 80 -j DROP

You can check the document Configuring Software and Hardware Firewalls to Support National Instruments Products to verify what ports are used by National Instruments services and how to configure properly your firewall. Refer to the Related links section to additional security suggestions on Linux Real Time devices.