Chamon
Commander

Lock down ESX Firewall after patching

I am using an ftp server on the vCenter to patch our ESX 3.0.2 servers. The patching guide says to open all outgoing ports with esxcfg-firewall --allowOutgoing. My question is that the only command to close the ports just opened is esxcfg-firewall --blockOutgoing, but this will block all outgoing ports. So to secure the system after patching, what are the outgoing ports that should be closed? Or is it easier to close all of them and then open the ones that ESX needs? Both the ESX servers and the vCenter are behind the same firewall. Any assistance with this is appreciated.

E_A_
Enthusiast

Hi Chamon

I think you can use many ways. These two are easy ways.

Stop firewalling when patching and then restart. Easy, rapid and no misconfiguration.

Another way is to consider that the console firewall is an iptables firewall, so you can add a rule manually at run time without saving it, and after patching reload the firewall. This action automatically discards the rules you added.

Bye

E.A.

______________________________________________

you do not really understand something

unless you can explain it to your grandmother

(Albert Einstein)

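The second approach from the reply above (a runtime-only iptables rule, then a reload of the saved esxcfg-firewall config), written out as an added example; this is not code from either poster. It assumes an ESX 3.x service console with iptables and esxcfg-firewall, that `esxcfg-firewall -l` reloads the saved configuration, and a placeholder vCenter address in VCENTER_IP.

```shell
#!/bin/sh
# Added example, not from the original thread. Assumes an ESX 3.x service console
# with iptables and esxcfg-firewall. VCENTER_IP is a placeholder (RFC 5737 range);
# set it to the real FTP/patch host. Set DRY_RUN=1 to print commands instead of
# executing them, which is also how the commands can be reviewed before use.
VCENTER_IP="${VCENTER_IP:-192.0.2.10}"

run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Insert a runtime-only OUTPUT rule for the FTP control channel (tcp/21) to the
# vCenter host only, instead of --allowOutgoing for everything. Nothing is written
# to the esxcfg-firewall config, so the rule does not survive a reload.
open_ftp_to_vcenter() {
    run iptables -I OUTPUT 1 -p tcp -d "$VCENTER_IP" --dport 21 -j ACCEPT
}

# Reload the saved esxcfg-firewall configuration; the runtime rule above is dropped
# and the host is back to its pre-patch outgoing policy.
restore_saved_firewall() {
    run esxcfg-firewall -l
}

# Show what the firewall currently allows outbound; compare before and after.
show_outgoing_rules() {
    run iptables -L OUTPUT -n --line-numbers
}

case "${1:-}" in
    before) show_outgoing_rules; open_ftp_to_vcenter ;;
    after)  restore_saved_firewall; show_outgoing_rules ;;
esac
```

Run it with `before` ahead of the patch and `after` once patching is done, then confirm with the rule listing that only the saved rules remain. Passive-mode FTP data connections go to ephemeral ports on the server, so if the transfer stalls after login the data channel needs either the FTP connection-tracking helper or its own rule.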