Configure and administer the ESXi firewall

ESXi includes a firewall between the management interface and the network. The firewall is enabled by default. At installation time, the ESXi firewall is configured to block incoming and outgoing traffic, except traffic for the default services listed in TCP and UDP ports for Management Access.
The firewall also allows Internet Control Message Protocol (ICMP) pings and communication with DHCP and DNS (UDP only) clients. Supported services and management agents that are required to operate the host are described in a rule set configuration file in the ESXi firewall directory /etc/vmware/firewall/. The file contains firewall rules and lists each rule's relationship with ports and protocols. You cannot add a rule to the ESXi firewall unless you create and install a VIB that contains the rule set configuration file. The VIB authoring tool is available to VMware partners.

Rule Set Configuration Files

A rule set configuration file contains firewall rules and describes each rule's relationship with ports and protocols. The rule set configuration file can contain rule sets for multiple services.

Example: Rule Set Configuration File

<ConfigRoot>
You can configure firewall properties to allow or deny access for a service or management agent. You add information about allowed services and management agents to the host configuration file. You can enable or disable these services and agents using the vSphere Client or at the command line. You can specify which networks are allowed to connect to each service that is running on the host.

Procedure
The NFS Client rule set behaves differently than other ESXi firewall rule sets. ESXi configures NFS Client settings when you mount or unmount an NFS datastore.

Firewall Configuration Using the ESXi Shell

The vSphere Client graphical user interface provides the preferred means of performing many configuration tasks. However, you can use the ESXi Shell to configure ESXi at the command line if necessary.
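The rule set configuration file described above, audited from a defender's side: this added example (not VMware's code) parses a constructed rule set file and reports which inbound ports the enabled services would open, so that optional listeners can be reviewed and disabled through the vSphere Client or the ESXi Shell. The element names (service, id, rule, direction, protocol, port with begin/end, enabled, required) are assumed to follow the service.xml layout found under /etc/vmware/firewall/.

```python
# Added example, not VMware code. Element names are assumed to follow the
# service.xml layout under /etc/vmware/firewall/; the sample file is constructed.
import xml.etree.ElementTree as ET
SAMPLE_RULESET = """<ConfigRoot>
  <service id="0000"><id>sshServer</id>
    <rule id="0000"><direction>inbound</direction><protocol>tcp</protocol>
      <porttype>dst</porttype><port>22</port></rule>
    <enabled>true</enabled><required>false</required></service>
  <service id="0001"><id>nfsClient</id>
    <rule id="0000"><direction>outbound</direction><protocol>tcp</protocol>
      <porttype>dst</porttype><port><begin>0</begin><end>65535</end></port></rule>
    <enabled>false</enabled><required>false</required></service>
  <service id="0002"><id>vSphereClient</id>
    <rule id="0000"><direction>inbound</direction><protocol>tcp</protocol>
      <porttype>dst</porttype><port><begin>902</begin><end>902</end></port></rule>
    <enabled>true</enabled><required>true</required></service>
</ConfigRoot>"""

def _port_range(port_el):
    """A <port> holds either a single number or a <begin>/<end> pair."""
    begin, end = port_el.find("begin"), port_el.find("end")
    if begin is not None and end is not None:
        return int(begin.text), int(end.text)
    return int(port_el.text), int(port_el.text)

def parse_ruleset(xml_text):
    """Map service id -> flags plus (direction, protocol, begin, end) per rule."""
    services = {}
    for svc in ET.fromstring(xml_text).findall("service"):
        rules = [(r.findtext("direction"), r.findtext("protocol"), *_port_range(r.find("port")))
                 for r in svc.findall("rule")]
        services[svc.findtext("id")] = {"enabled": svc.findtext("enabled") == "true",
                                        "required": svc.findtext("required") == "true",
                                        "rules": rules}
    return services

def inbound_exposure(xml_text):
    """Inbound (protocol, begin, end) tuples per enabled service. Disabled
    services are skipped: their rules exist in the file but open no ports."""
    exposed = {}
    for name, svc in parse_ruleset(xml_text).items():
        ports = [(p, b, e) for d, p, b, e in svc["rules"] if d == "inbound"]
        if svc["enabled"] and ports:
            exposed[name] = ports
    return exposed

def optional_inbound_services(xml_text):
    """Enabled inbound services the host does not require: review these first."""
    parsed = parse_ruleset(xml_text)
    return sorted(n for n in inbound_exposure(xml_text) if not parsed[n]["required"])
```

On a real host the same functions can be pointed at the files in /etc/vmware/firewall/ to compare what the rule sets would open against what the host actually needs.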