Hi Guys,
Just wondering if anyone here has successfully created persistent custom firewall rules for ESXi 6.5. I've been reading up on this, and it seems the only supported method is to create a VIB using the deprecated http://labs.vmware.com/flings/vib-author
I've also read many blogs which kind of explain the process, in particular the one authored by William Lam
http://www.virtuallyghetto.com/2012/09/creating-custom-vibs-for-esxi-50-51.html
http://www.virtuallyghetto.com/2011/07/how-to-create-custom-firewall-rules-in.html
Now for my question: is this still the only supported way of doing this? I'm also confused because William shows an example of creating a new firewall XML, virtuallyGhetto.xml. How was he able to load this XML? As far as I can tell, the firewall only loads service.xml.
Any tips or help would be much appreciated.
Hello nicholas,
I have the same problem. I've found this:
Creating custom firewall rules in VMware ESXi 5.x (2008226) | VMware KB
Enable the SSH shell for your host, then follow the instructions in the KB article to create a new "service".
Configuring the firewall is now really a mess, they should have stayed with the iptables...
To answer your question:
http://www.virtuallyghetto.com/2011/07/how-to-create-custom-firewall-rules-in.html
esxcli network firewall ruleset allowedip add --ip-address=172.30.0.0/24 --ruleset-id=virtuallyGhetto
I guess the ruleset will automatically search for the .xml file named "virtuallyGhetto", if it's placed in the right directory.
And no, it's not the only way. Take a look at the first link; you can just modify the services.xml and add a new service.
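An added example, not part of the original posts and not VMware's own tooling: a Python sketch that generates a ruleset file of the kind discussed above (such as virtuallyGhetto.xml) and rejects malformed rules before the file is copied to a host. The element layout is assumed from the linked KB 2008226 and blog post; `build_ruleset` and the port numbers are hypothetical names and constructed values.

```python
import xml.etree.ElementTree as ET

# Values assumed from the KB article's ruleset layout.
DIRECTIONS = {"inbound", "outbound"}
PROTOCOLS = {"tcp", "udp"}
PORTTYPES = {"src", "dst"}


def _add_port(rule, port):
    """Append <port>: a single int, or a (begin, end) tuple for a range."""
    lo, hi = port if isinstance(port, tuple) else (port, port)
    if not (1 <= lo <= hi <= 65535):
        raise ValueError(f"bad port spec: {port!r}")
    el = ET.SubElement(rule, "port")
    if lo == hi:
        el.text = str(lo)
    else:
        ET.SubElement(el, "begin").text = str(lo)
        ET.SubElement(el, "end").text = str(hi)


def build_ruleset(ruleset_id, rules, enabled=True, required=False):
    """Return ruleset XML text; rules are (direction, protocol, porttype, port)."""
    if not ruleset_id.replace("-", "").replace("_", "").isalnum():
        raise ValueError(f"bad ruleset id: {ruleset_id!r}")
    if not rules:
        raise ValueError("a ruleset needs at least one rule")
    root = ET.Element("ConfigRoot")
    svc = ET.SubElement(root, "service")
    ET.SubElement(svc, "id").text = ruleset_id
    for n, (direction, protocol, porttype, port) in enumerate(rules):
        if (direction not in DIRECTIONS or protocol not in PROTOCOLS
                or porttype not in PORTTYPES):
            raise ValueError(f"bad rule {n}: {direction}/{protocol}/{porttype}")
        rule = ET.SubElement(svc, "rule", id=f"{n:04d}")
        ET.SubElement(rule, "direction").text = direction
        ET.SubElement(rule, "protocol").text = protocol
        ET.SubElement(rule, "porttype").text = porttype
        _add_port(rule, port)
    ET.SubElement(svc, "enabled").text = "true" if enabled else "false"
    ET.SubElement(svc, "required").text = "true" if required else "false"
    ET.indent(root)  # Python 3.9+
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    # Constructed sample: one single port and one port range, both inbound TCP.
    print(build_ruleset("virtuallyGhetto", [
        ("inbound", "tcp", "dst", 1337),
        ("inbound", "tcp", "dst", (2020, 2050)),
    ]))
```

The output would be saved as an .xml file under /etc/vmware/firewall/ on the host and picked up with `esxcli network firewall refresh`; the persistence caveats raised elsewhere in this thread still apply.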
Did you follow the KB article provided by DPSB? You have to make sure you enable "sticky bit", before you change services.xml, otherwise changes won't persist after a reboot. More on what happens behind the scenes in this VMTN post:
Re: VMWare ESXi Installation Failing - Help!
I'll check this out and see if I can get it working. Going to start up or research another topic as well in relation to cron. Thank you!