upg3
Contributor

ESXi uses which Linux based/type firewall tool?

We know in VSP4, ESX comes with a firewall that controls traffic into and out of the Service, which is based on the Linux iptables firewall.

Is there any similar firewall in VSP5.x or later versions of ESXi as well? I mean iptables or anything similar in Linux.

Thanks.

3 Replies
abhilashhb
VMware Employee

ESXi 5.0 has a new firewall engine that is not based on iptables.

Some other important points about the firewall can be found in the below command.

VMware KB: About the ESXi 5.x and 6.0 firewall

If you find this or any other answer useful please mark the answer as correct or helpful.
Abhilash B | Blog: http://vpirate.in | Twitter: @abhilashhb | LinkedIn: https://www.linkedin.com/in/abhilashhb/
upg3
Contributor

Thanks Abhilash for your response and for the KB link.

From the KB article we come to know that ESXi 5.0 and later versions have a new firewall engine that is not based on iptables.

Any idea what the new firewall engine is named from 5.0 onward, and whether it is based on or similar to any such firewall tool used in Linux?

JarryG
Expert

ESXi is using its own firewall engine, which is *NOT* based on any Linux filtering tool.

It is simply ESXi-firewall. It is very "basic", lacks a lot of the functionality of modern firewalls, and cannot be compared to iptables at all (not even to ipchains or ipfwadm). Personally I do not understand why VMware did not adopt iptables, but that was their decision. Ultimately, ESXi-firewall is not designed to serve as the only protection layer for ESXi...

If you found my answer useful please do *not* mark it as "correct" or "helpful". It is hard to pretend being noob with all those points! 😉