The firewall built into ESX server uses iptables, the very commonly used Linux firewall. However to create the rules another esxcfg tool is used, which is esxcfg-firewall.

To list the services currently controlled by the firewall:
esxcfg-firewall -s

To list the firewall rules:
esxcfg-firewall -q [servicename]
esxcfg-firewall -q

Enable a service:
esxcfg-firewall -e [servicename]
esxcfg-firewall -e sshClient

Disable a service:
esxcfg-firewall -d [servicename]
esxcfg-firewall -d sshClient

Open a port:
esxcfg-firewall -o 465,tcp,out,out-smtps

Close a port:
esxcfg-firewall -c 465,tcp,out


Command Options:
/usr/sbin/esxcfg-firewall
esxcfg-firewall
-q|--query                                      Lists current settings.
-q|--query Lists setting for the
specified service.
-q|--query incoming|outgoing                    Lists setting for non-required
incoming/outgoing ports.
-s|--services                                   Lists known services.
-l|--load                                       Loads current settings.
-r|--resetDefaults                              Resets all options to defaults
-e|--enableService Allows specified service
through the firewall.
-d|--disableService Blocks specified service
-o|--openPort         Opens a port.
-c|--closePort             Closes a port previously opened
via --openPort.
--blockIncoming                              Block all non-required incoming
ports  (default value).
--blockOutgoing                              Block all non-required outgoing
ports (default value).
--allowIncoming                              Allow all incoming ports.
--allowOutgoing                              Allow all outgoing ports.
-h|--help                                       Show this message.


NOTE: For changes to show in VC/VI client restart mgmt-vmware.
/etc/init.d/mgmt-vmware restart

Share this blog post on social media:

Latest Blog Posts

Popular

Social Links

Disclaimer

All advice, installation/configuration how to guides, troubleshooting and other information on this website are provided as-is with no warranty or guarantee. Whilst the information provided is correct to the best of my knowledge, I am not reponsible for any issues that may arise using this information, and you do so at your own risk. As always before performing anything; check, double check, test and always ensure you have a backup.

Copyright ©2008-2021 Andy Barnes - Please do not copy any content including images without prior consent!

Designed and Hosted by Andy Barnes

We use cookies

We use cookies on our website. Some of them are essential for the operation of the site, while others help us to improve this site and the user experience (tracking cookies). You can decide for yourself whether you want to allow cookies or not. Please note that if you reject them, you may not be able to use all the functionalities of the site.

Ok Decline