OK, so this is a weird one. I had V installed, ripped it out by manual VIB uninstall and am now installing T.
I’m using the DFW in NSX-T 2.3.1 in my home lab to block pings (fairly trivial use case) and I’m not able to get it to work either in my home lab or in the my employer solution center. This is happening both for layer 3 and layer 2 rules. I even tried blocking all traffic between VMs on an NSX-T logical switch and nothing is getting matched.
I'm totally weirded out that I'm seeing this in two distinct environments. Since it's lab environments, I don't have support, but I could easilly see people falling into this circumstance where V was previously installed and the ESXi install was just re-used.
OK, so authoritative answers are as follows:
try vsipioctl getrules -f <filtername>
rather than <rulename> and see what happens?
Also have you tried using nsxcli?
OK, so authoritative answers are as follows:
OK, so authoritative answers are as follows: