Hello,
ESX by default already DROPS packets.
If you run 'esxcfg-firewall -q | more' you will see that the default POLICY for each table is to drop packets.
Are you trying to 'detect' port scans and close open ports to those that do portscans?
Best regards,
Edward
--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill