Expert

Enable SSH firewall rule so that SSH is allowed from certain IPs only - Get-EsxCli


Hi.

Any help is appreciated here.

Goal:

Enable the SSH firewall rule so that SSH is allowed from certain IPs only.

$VMHost=Get-VMHost -Name xxx
$esxcli = Get-Esxcli -VMHost $VMHost -V2

$rule = @{
    enabled = $true
    allowedall = $false
    rulesetid = 'sshServer'
}
$esxcli.network.firewall.ruleset.set.Invoke($rule)

## till above all is ok

## add allow ip list ## below gives an error
$rule = @{
    enabled = $true
    allowedip = 'xxx'
    rulesetid = 'sshServer'
}
$esxcli.network.firewall.ruleset.set.Invoke($rule)

LucD, the above is part of your code from another thread, but I could not apply it with more tuning.

Thanks

Accepted Solutions
User Moderator

I'm not sure where you got that code from, but that is not the command to add an IP address.

It should be something like this:

$rule = @{
    enabled = $true
    allowedall = $false
    rulesetid = 'sshServer'
}
$esxcli.network.firewall.ruleset.set.Invoke($rule)

$ip = @{
    rulesetid = 'sshServer'
    ipaddress = '192.168.1.1'
}
$esxcli.network.firewall.ruleset.allowedip.add.Invoke($ip)


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

User Moderator

Can you share the error?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

Expert

Last line only gives an error:

$esxcli.network.firewall.ruleset.set.Invoke($rule)

Index (zero based) must be greater than or equal to zero and less than the size of the argument list.
At line:1 char:1
+ $esxcli.network.firewall.ruleset.set.Invoke($rule)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [], FormatException
    + FullyQualifiedErrorId : System.FormatException

Expert

LucD, thanks, works for a single IP.

I get the below error when I tried to use a comma-separated list of IPs. Any suggestions, please?

Message: EsxCLI.CLIFault.summary;
InnerText: Invalid IP Address StringEsxCLI.CLIFault.summary
At line:1 char:1
+ $esxcli.network.firewall.ruleset.allowedip.add.Invoke($ip)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [], MethodFault
    + FullyQualifiedErrorId : VMware.VimAutomation.Sdk.Types.V1.ErrorHandling.VimException.MethodFault

User Moderator

How did you assign the multiple IP addresses to the variable $ip?
The command only allows a single or a range of IP addresses.

For multiple single IP addresses, you have to call the method for each IP address.


This is for a range.

$ip = @{
    rulesetid = 'sshServer'
    ipaddress = '192.168.1.1/24'
}
$esxcli.network.firewall.ruleset.allowedip.add.Invoke($ip)


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference
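
Added example (not code from the thread): one way to apply the answer above to a list of addresses, calling allowedip.add once per entry and splitting a comma-separated string first, which is the input that produced "Invalid IP Address String". Set-SshAllowedIp, the host name and the sample addresses are hypothetical; it assumes a connected PowerCLI session and that the allowedip.list output exposes an AllowedIPAddresses property.

```powershell
function Set-SshAllowedIp {
    param(
        [Parameter(Mandatory)] $EsxCli,             # from Get-EsxCli -V2
        [Parameter(Mandatory)] [string[]] $Address, # single IPs and/or CIDR ranges
        [string] $RulesetId = 'sshServer'
    )
    # allowedip.add takes one entry per call, so split 'a,b,c' strings into entries.
    $entries = @($Address -split ',' | ForEach-Object { $_.Trim() } |
        Where-Object { $_ } | Select-Object -Unique)

    # Validate everything before touching the host, so a bad entry cannot leave
    # a half-built allow list. TryParse is lenient; the host has the final say.
    foreach ($entry in $entries) {
        $ipPart, $prefix = $entry -split '/', 2
        $parsed = $null
        if (-not [System.Net.IPAddress]::TryParse($ipPart, [ref]$parsed)) {
            throw "Not an IP address or CIDR range: '$entry'"
        }
        if ($null -ne $prefix) {
            $max = if ($parsed.AddressFamily -eq 'InterNetworkV6') { 128 } else { 32 }
            $bits = 0
            if (-not ([int]::TryParse($prefix, [ref]$bits)) -or $bits -lt 0 -or $bits -gt $max) {
                throw "Invalid prefix length in '$entry'"
            }
        }
    }

    # Same order as the accepted answer: restrict the ruleset, then add entries.
    $EsxCli.network.firewall.ruleset.set.Invoke(@{
        rulesetid = $RulesetId; enabled = $true; allowedall = $false }) | Out-Null

    # Skip entries the host already lists (assumed property: AllowedIPAddresses).
    $listArgs = @{ rulesetid = $RulesetId }
    $current = @($EsxCli.network.firewall.ruleset.allowedip.list.Invoke($listArgs).AllowedIPAddresses)
    foreach ($entry in $entries) {
        if ($current -notcontains $entry) {
            $EsxCli.network.firewall.ruleset.allowedip.add.Invoke(
                @{ rulesetid = $RulesetId; ipaddress = $entry }) | Out-Null
        }
    }
    # Return what the host now reports, for review or logging.
    $EsxCli.network.firewall.ruleset.allowedip.list.Invoke($listArgs)
}

# Usage with constructed sample values (documentation address ranges).
$esxcli = Get-EsxCli -VMHost (Get-VMHost -Name 'esx01.example.test') -V2
Set-SshAllowedIp -EsxCli $esxcli -Address '192.0.2.10,192.0.2.11', '198.51.100.0/24'
```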

Expert

LucD, that helped, thanks.
