nicholas1982
Hot Shot

Create Persistent Custom Firewall Rule on ESXi 6.5

Hi Guys,

Just wondering if anyone here has successfully created persistent custom firewall rules for ESXi 6.5. I've been reading up on this and it seems the only supported method is to create a VIB using a deprecated http://labs.vmware.com/flings/vib-author

I've also read many blogs which kind of explain the process, in particular the one authored by William Lam

http://www.virtuallyghetto.com/2012/09/creating-custom-vibs-for-esxi-50-51.html

http://www.virtuallyghetto.com/2011/07/how-to-create-custom-firewall-rules-in.html

Now for my question: is this still the only supported way of doing this? I'm also confused because William shows an example of creating a new firewall XML, virtuallyGhetto.xml. How was he able to load this XML? As far as I can tell, the firewall only loads service.xml.

Any tips or help would be much appreciated.

Nicholas
3 Replies
DPSB
Contributor

Hello nicholas,

I have the same problem; I've found this:

Creating custom firewall rules in VMware ESXi 5.x (2008226) | VMware KB

Enable the SSH shell for your host, then follow the instructions in the KB article to create a new "service".

Configuring the firewall is now really a mess, they should have stayed with the iptables...

To answer your question:

http://www.virtuallyghetto.com/2011/07/how-to-create-custom-firewall-rules-in.html

esxcli network firewall ruleset allowedip add --ip-address=172.30.0.0/24 --ruleset-id=virtuallyGhetto

I guess the ruleset will automatically search for the .xml file named "virtuallyGhetto", if it's placed in the right directory.

And no, it's not the only way. Take a look at the first link: you can just modify the services.xml and add a new service.

Nick_Andreev
Expert

Did you follow the KB article provided by DPSB? You have to make sure you enable "sticky bit", before you change services.xml, otherwise changes won't persist after a reboot. More on what happens behind the scenes in this VMTN post:

Re: VMWare ESXi Installation Failing - Help!

---
If you found my answers helpful please consider marking them as helpful or correct.
VCIX-DCV, VCIX-NV, VCAP-CMA | vExpert '16, '17, '18
Blog: http://niktips.wordpress.com | Twitter: @nick_andreev_au
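The procedure DPSB and Nick describe (a service definition dropped into /etc/vmware/firewall/, a firewall refresh, and the sticky bit so the file survives a reboot), as an added shell example that is not from any poster in this thread and not VMware's own tooling. It assumes the XML layout shown in KB 2008226 and the virtuallyGhetto posts, that ESXi loads every .xml file in /etc/vmware/firewall/ and takes the ruleset id from the service's <id> element rather than the file name, and that auto-backup.sh includes sticky-bit files in the host state backup. The function names, the FW_DIR override and the sample service are my own constructions.

```shell
#!/bin/sh
# Added example: generate a custom ESXi firewall service file and, when run
# on an ESXi host, load it and mark it persistent. Helper names are invented;
# the XML shape follows KB 2008226 / virtuallyGhetto.

# Directory the ESXi firewall scans for rule files. Overridable so the
# generator can be exercised on a non-ESXi machine (assumption: ESXi reads
# every .xml file here, not only service.xml).
FW_DIR="${FW_DIR:-/etc/vmware/firewall}"

# write_fw_service <service-id> <tcp|udp> <inbound|outbound> <port>
# Writes $FW_DIR/<service-id>.xml and prints its path. Inputs are validated
# strictly because they are interpolated into the rule file: the service id
# becomes the ruleset id that esxcli later refers to.
write_fw_service() {
    svc="$1"; proto="$2"; dir="$3"; port="$4"
    case "$svc" in
        ''|*[!A-Za-z0-9_-]*) echo "bad service id: $svc" >&2; return 1 ;;
    esac
    case "$proto" in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    case "$dir" in inbound|outbound) ;; *) echo "bad direction: $dir" >&2; return 1 ;; esac
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range: $port" >&2; return 1; }

    mkdir -p "$FW_DIR" || return 1
    f="$FW_DIR/$svc.xml"
    # One rule, one destination port: keep the opening as narrow as the
    # service actually needs. Source restriction is done afterwards with
    # "esxcli network firewall ruleset allowedip add" as in the thread.
    cat > "$f" <<EOF
<!-- custom firewall service: $svc -->
<ConfigRoot>
  <service>
    <id>$svc</id>
    <rule id='0000'>
      <direction>$dir</direction>
      <protocol>$proto</protocol>
      <porttype>dst</porttype>
      <port>$port</port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
</ConfigRoot>
EOF
    printf '%s\n' "$f"
}

# persist_fw_file <file>: set the sticky bit so the host's state backup
# (auto-backup.sh) keeps the file across reboots, the step Nick points out.
persist_fw_file() {
    chmod +t "$1"
}

# is_sticky <file>: succeed if the sticky bit is set. Parses ls -ld rather
# than stat because stat's flags differ between busybox and GNU coreutils.
is_sticky() {
    case "$(ls -ld "$1")" in
        ?????????[tT]*) return 0 ;;
        *) return 1 ;;
    esac
}

# apply_fw_service <service-id>: on an ESXi host, reload the rule files and
# show the resulting ruleset so you can confirm it is present and enabled.
# Skipped where esxcli does not exist, so the generator still runs offline.
apply_fw_service() {
    command -v esxcli >/dev/null 2>&1 || { echo "esxcli not found; skipping refresh" >&2; return 0; }
    esxcli network firewall refresh &&
    esxcli network firewall ruleset list --ruleset-id="$1"
}

# Usage on the host (four arguments): sh fwrule.sh myService tcp inbound 8080
# With no arguments the file only defines the functions, so it can be sourced.
if [ $# -eq 4 ]; then
    f=$(write_fw_service "$@") && persist_fw_file "$f" && apply_fw_service "$1"
fi
```

After applying, `esxcli network firewall ruleset list --ruleset-id=<service-id>` should show the ruleset enabled, and `ls -l /etc/vmware/firewall/` should show the `t` in the mode of the new file; if that bit is missing the rule will be gone after the next reboot. Restricting the allowed source addresses with `esxcli network firewall ruleset allowedip add` as DPSB shows is a sensible second step for any custom opening.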
JGK1975
Contributor

I'll check this out and see if I can get it working. Going to start up or research another topic as well in relation to cron. Thank you!
