Service Console - ESX Server Firewall Commands

Latest

Poll

By the end of Q2 2010 what percentage of your servers do you intend to have virtualized?

	0-25% Virtualized
	26-50% Virtualized
	51-75% Virtualized
	76-100% Virtualized

Random

Networking Configuration - vSwitches and Port Groups with 8 Physical NICs
When configuring networking on an ESX/ESXi server it is important that you plan and configure it...

Home

Resources

ESX and ESXi Server

Service Console - ESX Server Firewall Commands

The firewall built into ESX server uses iptables, the very commonly used Linux firewall. However to create the rules another esxcfg tool is used, which is esxcfg-firewall.

To list the services currently controlled by the firewall:

esxcfg-firewall -s

To list the firewall rules:

esxcfg-firewall -q [servicename]

esxcfg-firewall -q

Enable a service:

esxcfg-firewall -e [servicename]

esxcfg-firewall -e sshClient

Disable a service:

esxcfg-firewall -d [servicename]

esxcfg-firewall -d sshClient

Open a port:

esxcfg-firewall -o 465,tcp,out,out-smtps

Close a port:

esxcfg-firewall -c 465,tcp,out

Command Options:

/usr/sbin/esxcfg-firewall
esxcfg-firewall
-q|--query                                      Lists current settings.
-q|--query Lists setting for the
specified service.
-q|--query incoming|outgoing                    Lists setting for non-required
incoming/outgoing ports.
-s|--services                                   Lists known services.
-l|--load                                       Loads current settings.
-r|--resetDefaults                              Resets all options to defaults
-e|--enableService Allows specified service
through the firewall.
-d|--disableService Blocks specified service
-o|--openPort         Opens a port.
-c|--closePort             Closes a port previously opened
via --openPort.
--blockIncoming                              Block all non-required incoming
ports (default value).
--blockOutgoing                              Block all non-required outgoing
ports (default value).
--allowIncoming                              Allow all incoming ports.
--allowOutgoing                              Allow all outgoing ports.
-h|--help                                       Show this message.

NOTE: For changes to show in VC/VI client restart mgmt-vmware.

/etc/init.d/mgmt-vmware restart

< Prev		Next >

DISCLAIMER: All advice, tips, guides and other information on this website is provided as-is with no warranty or guarantee. While most information is correct to the best of my knowledge, I am not reponsible for any issues that may arise in using the information, and you do so at your own risk. As always before doing anything; check, double check, test and always make a backup.

Help VMadmin

All resources on this site are provided absolutley free. However it takes time and money to keep the site running. If any information has been helpful to you or your company, and you wish to make a donation to help keep VMadmin.co.uk running you can do so via paypal, and it would be much appreciated.

Click to donate to VMadmin.co.uk via paypal.

VMadmin.co.uk

Related

Latest

Poll

Random

Popular

Help VMadmin