I've used some borrowed code to only permit port 52 to use allowed IPs of our DNS servers.
I'd like to write something to validate those IPs are set. I just want to list the allowed IPs.
I'm getting close, but not quite there...
$esx = Get-VMHost -Name $vmhost
$esxcli = Get-Esxcli -VMHost $esx -v2
$esxcli.network.firewall.ruleset.list.invoke()
Enabled Name
------- ----
<snip>
true dns
<snip>
$esxcli.network.firewall.ruleset.list.invoke() | where {$_.name -eq 'dns'}
Enabled Name
------- ----
true dns
$esxcli.network.firewall.ruleset.list('dns')
Method invocation failed because [VMware.VimAutomation.ViCore.Impl.V1.EsxCli.EsxCliElementImpl] does not contain a
method named 'list'.
At line:1 char:1
+ $esxcli.network.firewall.ruleset.list('dns')
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (list:String) [], RuntimeException
+ FullyQualifiedErrorId : MethodNotFound
You are using the V2 switch, the calls to esxcli have slightly changed for V2.
See PowerCLI 6.3 R1: Get-ESXCLI Why the V2? for more on that.
You should do
$esxcli = Get-Esxcli -VMHost $esx -v2
$esxcli.network.firewall.ruleset.list.invoke()
$esxcli.network.firewall.ruleset.list.Invoke(@{rulesetid = 'dns' })
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Try this to list allowed IPs for all rulesets:
$esxcli.network.firewall.ruleset.allowedip.list()
And for only DNS:
$esxcli.network.firewall.ruleset.allowedip.list() | where {$_.ruleset -eq 'dns'}
dtaliaf: Thanks. When I try, I get a familiar error, one I'm getting a lot trying to figure this out...
Method invocation failed because [VMware.VimAutomation.ViCore.Impl.V1.EsxCli.EsxCliElementImpl] does not contain a method named 'list'.
At line:3 char:1
+ $esxcli.network.firewall.ruleset.allowedip.list() | where {$_.ruleset ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (list:String) [], RuntimeException
+ FullyQualifiedErrorId : MethodNotFound
I explained the V2 impact in my answer
LucD,
I get:
Enabled Name
------ ----
dns true
Which is good, but already known. I'm trying to get the 'Allow Any' bool value (which I hope is $false) and also the allowed IPs.
Try with
$esxcli.network.firewall.ruleset.allowedip.list.Invoke(@{rulesetid='dns'})
Sorry I didn't get to update this before now; I got pulled into something else, but this did the trick:
$esxcli.network.firewall.ruleset.allowedip.list.Invoke(@{rulesetid='dns'})
Thank you LucD
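An added example, not part of the original thread: one way to turn the working `allowedip.list.Invoke(@{rulesetid='dns'})` call into the validation the question asks for, reporting whether the ruleset still allows any source and which expected DNS server IPs are missing or unexpected. The function name `Test-RulesetAllowedIp`, its parameters, and the sample addresses are hypothetical; it assumes each returned row exposes `Ruleset` and `AllowedIPAddresses`, with `All` listed when the ruleset is open to any source.

```powershell
# Added example; Test-RulesetAllowedIp is a hypothetical helper, not a PowerCLI cmdlet.
function Test-RulesetAllowedIp {
    param(
        [Parameter(Mandatory)] $Entry,               # one row from allowedip.list
        [Parameter(Mandatory)] [string[]] $Expected  # IPs that should be allowed
    )
    # Assumption: the row has Ruleset and AllowedIPAddresses properties, and
    # AllowedIPAddresses contains 'All' when the ruleset allows any source.
    $actual     = @($Entry.AllowedIPAddresses)
    $allowAny   = $actual -contains 'All'
    # Plain string comparison: list expected entries exactly as the host reports them.
    $missing    = @($Expected | Where-Object { $actual -notcontains $_ })
    $unexpected = @($actual | Where-Object { $_ -ne 'All' -and $Expected -notcontains $_ })

    [pscustomobject]@{
        Ruleset    = $Entry.Ruleset
        AllowAny   = $allowAny
        Missing    = $missing
        Unexpected = $unexpected
        Compliant  = (-not $allowAny) -and
                     ($missing.Count -eq 0) -and
                     ($unexpected.Count -eq 0)
    }
}

# Constructed sample rows (documentation-range addresses) so the check runs offline:
# a correctly restricted ruleset, an open one, and one with a stray entry.
$samples = @(
    [pscustomobject]@{ Ruleset = 'dns'; AllowedIPAddresses = @('192.0.2.10', '192.0.2.11') }
    [pscustomobject]@{ Ruleset = 'dns'; AllowedIPAddresses = @('All') }
    [pscustomobject]@{ Ruleset = 'dns'; AllowedIPAddresses = @('192.0.2.10', '198.51.100.7') }
)
$expectedDns = '192.0.2.10', '192.0.2.11'

$samples |
    ForEach-Object { Test-RulesetAllowedIp -Entry $_ -Expected $expectedDns } |
    Format-Table -AutoSize

# Against a live host, using the V2 call from the thread:
# $esxcli = Get-Esxcli -VMHost $esx -V2
# $entry  = $esxcli.network.firewall.ruleset.allowedip.list.Invoke(@{rulesetid='dns'})
# Test-RulesetAllowedIp -Entry $entry -Expected $expectedDns
```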