Service Console - ESX Server Firewall Commands

Service Console - ESX Server Firewall Commands


The firewall built into ESX server uses iptables, the very commonly used Linux firewall. However to create the rules another esxcfg tool is used, which is esxcfg-firewall.


To list the services currently controlled by the firewall:
esxcfg-firewall -s


To list the firewall rules:
esxcfg-firewall -q [servicename]
esxcfg-firewall -q


Enable a service:
esxcfg-firewall -e [servicename]
esxcfg-firewall -e sshClient


Disable a service:
esxcfg-firewall -d [servicename]
esxcfg-firewall -d sshClient


Open a port:
esxcfg-firewall -o 465,tcp,out,out-smtps


Close a port:
esxcfg-firewall -c 465,tcp,out




Command Options:
/usr/sbin/esxcfg-firewall
esxcfg-firewall
-q|--query Lists current settings.
-q|--query Lists setting for the
specified service.
-q|--query incoming|outgoing Lists setting for non-required
incoming/outgoing ports.
-s|--services Lists known services.
-l|--load Loads current settings.
-r|--resetDefaults Resets all options to defaults
-e|--enableService Allows specified service
through the firewall.
-d|--disableService Blocks specified service
-o|--openPort Opens a port.
-c|--closePort Closes a port previously opened
via --openPort.
--blockIncoming Block all non-required incoming
ports (default value).
--blockOutgoing Block all non-required outgoing
ports (default value).
--allowIncoming Allow all incoming ports.
--allowOutgoing Allow all outgoing ports.
-h|--help Show this message.



NOTE: For changes to show in VC/VI client restart mgmt-vmware.
/etc/init.d/mgmt-vmware restart