VMware Cloud Community
NancyChiang
Contributor

Custom firewall setting in ESXi 7.0: operation not permitted


Hi Sir,
I followed the rule below to change /etc/vmware/firewall/service.xml, but it is still not working.
https://kb.vmware.com/s/article/2008226
Could you kindly help? We want to customize the firewall settings in ESXi 7.0.

In ESXi 7.0+ access to the above files is restricted.

To work around this you can do the following:
Copy the file to a datastore on the host.
Make the required changes to the file
In the /etc/rc.local.d/local.sh file add the command to copy and replace the file needed.
In order to force this command to persist across reboots of the ESXi server host, the command has to be added manually to the /etc/rc.local.d/local.sh file on the ESXi server.
Note: The correct way to open up ports is through a partner-created VIB to open the ports or change the files needed.


Accepted Solutions
berndweyand
Expert

Don't modify the service.xml - just place your own firewall rules as an XML file into the firewall folder.

Place the XML on a datastore, copy it via local.sh to /etc/vmware/firewall and refresh the firewall with esxcli network firewall refresh.

7 Replies
NancyChiang

Many thanks, it works now!!! 😀

Stingeremu

Hi - sorry to ask a question on such an old thread, but I'm wondering, when you say copy your own firewall XML, do you mean put all your changes in a file called firewall.xml and then copy this back to /etc/vmware/firewall?

Just want to make sure before I do this.

Thanks

berndweyand

Yes - create your own XML, name it what you want (except service.xml or any existing XML) and copy it into /etc/vmware/firewall, then refresh the firewall.
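One way to put the accepted answer into practice, as an added example that is not from the thread or from VMware: a small POSIX sh helper that checks the chosen ruleset name, writes the custom ruleset XML in the schema of the stock service.xml, and prints the lines to append to /etc/rc.local.d/local.sh. RULE_NAME, RULE_PORT, the datastore path and the numeric service id 0100 are constructed placeholders.

```shell
# Added example (not from the thread or VMware): build a custom ESXi
# firewall ruleset file and the local.sh lines that restore it at boot.
# RULE_NAME, RULE_PORT and DATASTORE_DIR are constructed placeholders;
# override them via the environment.

RULE_NAME="${RULE_NAME:-myAppSvc}"                 # hypothetical service id
RULE_PORT="${RULE_PORT:-8443}"                     # hypothetical TCP port
DATASTORE_DIR="${DATASTORE_DIR:-/vmfs/volumes/datastore1/firewall}"
FIREWALL_DIR="${FIREWALL_DIR:-/etc/vmware/firewall}"

# Per the accepted answer: never overwrite service.xml and never reuse the
# name of a ruleset that is already installed. Returns 0 if the name is safe.
validate_name() {
  case "$1" in
    service|service.xml) return 1 ;;
  esac
  [ ! -e "$FIREWALL_DIR/$1.xml" ]
}

# Write a single-service ruleset to the given path (normally on the datastore).
# The numeric service id must not collide with an installed one; 0100 is a guess.
write_ruleset_xml() {
  cat > "$1" <<EOF
<ConfigRoot>
  <service id="0100">
    <id>$RULE_NAME</id>
    <rule id="0000">
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>$RULE_PORT</port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
</ConfigRoot>
EOF
}

# Lines to append to /etc/rc.local.d/local.sh above its final "exit 0": copy
# the ruleset back into the firewall folder and reload the firewall. As noted
# later in the thread, local.sh additions do not run with UEFI Secure Boot on.
local_sh_snippet() {
  printf '%s\n' \
    "# restore custom firewall ruleset $RULE_NAME (wiped on reboot)" \
    "cp \"$DATASTORE_DIR/$RULE_NAME.xml\" \"$FIREWALL_DIR/$RULE_NAME.xml\"" \
    "esxcli network firewall refresh"
}
```

Run `validate_name "$RULE_NAME" && write_ruleset_xml "$DATASTORE_DIR/$RULE_NAME.xml"` on the host, then paste the output of `local_sh_snippet` into local.sh.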

Stingeremu

Thanks for confirming this, really appreciate it.

hyperwyrm

According to https://kb.vmware.com/s/article/2043564, any custom actions under local.sh with UEFI Secure Boot enabled will not function. Maybe you know of any workaround for systems secured with TPM?

berndweyand

Yes - I ran into the same problem after enabling Secure Boot.

Currently I have no solution.
