Jonathan Marrott's VM Scripting Blog http://communities.vmware.com/blogs/froboy A swell blog containing some of the scripts I have written for VM management. Fri, 28 Sep 2007 19:37:21 GMT Clearspace 1.10.12 (http://jivesoftware.com/products/clearspace/) 2007-09-28T19:37:21Z Firewall - XML Changes (Updated) http://communities.vmware.com/blogs/froboy/2008/01/18/firewall-xml-changes-updated I decided that I didn't like changing the firewall by executing esxcfg-firewall all the time. So I edited the appropriate XML file to include the nececssary ports for TSM and VMM (HP) agent. This is different for ESX 3.0.x and 3.5. <b>One word of caution: In ESX 3.5 if you add a service to services.xml and it exists in another XML file. You can render your system inaccessible.</b><br /> <br /> <b>ESX 3.5</b><br /> <b>Service - TSM</b><br /> Location - ibmTSM.xml<br /> <br /> &lt;!-- Firewall configuration information for IBM TSM --&gt;<br /> &lt;ConfigRoot&gt;<br /> &lt;service&gt;<br /> &lt;id&gt;TSM&lt;/id&gt;<br /> &lt;rule id='0000'&gt;<br /> &lt;direction&gt;inbound&lt;/direction&gt;<br /> &lt;protocol&gt;tcp&lt;/protocol&gt;<br /> &lt;port type='dst'&gt;1500&lt;/port&gt;<br /> &lt;flags&gt;-m state --state NEW&lt;/flags&gt;<br /> &lt;/rule&gt;<br /> &lt;rule id='0001'&gt;<br /> &lt;direction&gt;outbound&lt;/direction&gt;<br /> &lt;protocol&gt;tcp&lt;/protocol&gt;<br /> &lt;port type='dst'&gt;1500&lt;/port&gt;<br /> &lt;flags&gt;-m state --state NEW&lt;/flags&gt;<br /> &lt;/rule&gt;<br /> &lt;rule id='0002'&gt;<br /> &lt;direction&gt;inbound&lt;/direction&gt;<br /> &lt;protocol&gt;tcp&lt;/protocol&gt;<br /> &lt;port type='dst'&gt;<br /> &lt;begin&gt;1581&lt;/begin&gt;<br /> &lt;end&gt;1583&lt;/end&gt;<br /> &lt;/port&gt;<br /> &lt;flags&gt;-m state --state NEW&lt;/flags&gt;<br /> &lt;/rule&gt;<br /> &lt;rule id='0003'&gt;<br /> &lt;direction&gt;outbound&lt;/direction&gt;<br /> &lt;protocol&gt;tcp&lt;/protocol&gt;<br /> &lt;port type='dst'&gt;<br /> &lt;begin&gt;1581&lt;/begin&gt;<br /> &lt;end&gt;1583&lt;/end&gt;<br /> &lt;/port&gt;<br /> &lt;flags&gt;-m state --state NEW&lt;/flags&gt;<br /> &lt;/rule&gt;<br /> &lt;/service&gt;<br /> &lt;/ConfigRoot&gt;<br /> <br /> <b>ESX 3.0.x</b><br /> <b>Service - TSM</b><br /> Location - services.xml<br /> &lt;service id='0023'&gt;<br /> &lt;id&gt;TSM&lt;/id&gt;<br /> &lt;rule id='0000'&gt;<br /> &lt;direction&gt;inbound&lt;/direction&gt;<br /> &lt;protocol&gt;tcp&lt;/protocol&gt;<br /> &lt;port type='dst'&gt;1500&lt;/port&gt;<br /> &lt;flags&gt;-m state --state NEW&lt;/flags&gt;<br /> &lt;/rule&gt;<br /> &lt;rule id='0001'&gt;<br /> &lt;direction&gt;outbound&lt;/direction&gt;<br /> &lt;protocol&gt;tcp&lt;/protocol&gt;<br /> &lt;port type='dst'&gt;1500&lt;/port&gt;<br /> &lt;flags&gt;-m state --state NEW&lt;/flags&gt;<br /> &lt;/rule&gt;<br /> &lt;rule id='0002'&gt;<br /> &lt;direction&gt;inbound&lt;/direction&gt;<br /> &lt;protocol&gt;tcp&lt;/protocol&gt;<br /> &lt;port type='dst'&gt;<br /> &lt;begin&gt;1581&lt;/begin&gt;<br /> &lt;end&gt;1583&lt;/end&gt;<br /> &lt;/port&gt;<br /> &lt;flags&gt;-m state --state NEW&lt;/flags&gt;<br /> &lt;/rule&gt;<br /> &lt;rule id='0003'&gt;<br /> &lt;direction&gt;outbound&lt;/direction&gt;<br /> &lt;protocol&gt;tcp&lt;/protocol&gt;<br /> &lt;port type='dst'&gt;<br /> &lt;begin&gt;1581&lt;/begin&gt;<br /> &lt;end&gt;1583&lt;/end&gt;<br /> &lt;/port&gt;<br /> &lt;flags&gt;-m state --state NEW&lt;/flags&gt;<br /> &lt;/rule&gt;<br /> &lt;/service&gt;<br /> <br /> <b>Service - VMM</b><br /> Location - services.xml<br /> <i>Note: We discontinued use of VMM do to VM reboots.</i><br /> <br /> &lt;service id='0028'&gt;<br /> &lt;id&gt;VmmService&lt;/id&gt;<br /> &lt;rule id='0000'&gt;<br /> &lt;direction&gt;inbound&lt;/direction&gt;<br /> &lt;protocol&gt;tcp&lt;/protocol&gt;<br /> &lt;port type='dst'&gt;<br /> &lt;begin&gt;1124&lt;/begin&gt;<br /> &lt;end&gt;1126&lt;/end&gt;<br /> &lt;/port&gt;<br /> &lt;flags&gt;-m state --state NEW&lt;/flags&gt;<br /> &lt;/rule&gt;<br /> &lt;rule id='0001'&gt;<br /> &lt;direction&gt;outbound&lt;/direction&gt;<br /> &lt;protocol&gt;tcp&lt;/protocol&gt;<br /> &lt;port type='dst'&gt;<br /> &lt;begin&gt;1124&lt;/begin&gt;<br /> &lt;end&gt;1126&lt;/end&gt;<br /> &lt;/port&gt;<br /> &lt;flags&gt;-m state --state NEW&lt;/flags&gt;<br /> &lt;/rule&gt;<br /> &lt;/service&gt; esx firewall xml Fri, 18 Jan 2008 18:54:00 GMT froboy http://communities.vmware.com/blogs/froboy/2008/01/18/firewall-xml-changes-updated 2008-01-18T18:54:00Z 2 years, 2 months ago http://communities.vmware.com/blogs/froboy/comment/firewall-xml-changes-updated http://communities.vmware.com/blogs/froboy/feeds/comments?blogPostID=1051 Firewall - Sync with Virtual Center http://communities.vmware.com/blogs/froboy/2007/09/28/firewall-sync-with-virtual-center One of the initial issues I had with Virtual Center is that it did not always show the correct firewall settings. The command esxcfg-firewall seemed to be the authority on open ports. By executing 'service mgmt-vmware restart' at the command prompt it syncs up VC with esxcfg-firewall. If you decide to script this and plan on having commands after this, you will want to add a 'sleep 20' command on the next line so that the VM management service has a chance to finish the sync. esx firewall Fri, 28 Sep 2007 19:42:00 GMT froboy http://communities.vmware.com/blogs/froboy/2007/09/28/firewall-sync-with-virtual-center 2007-09-28T19:42:00Z 2 years, 2 months ago http://communities.vmware.com/blogs/froboy/comment/firewall-sync-with-virtual-center http://communities.vmware.com/blogs/froboy/feeds/comments?blogPostID=1052