VMware

Configuring the ESX Firewall

The ESX firewall can be managed from the command line. If you log in over SSH, you can use the following command to view (query) all of the active firewall entries (for BSD/OS X folks, this is similar to the ipfw command):

esxcfg-firewall -q

We’re going to step through opening ports 3389 and 25, UDP and TCP, into and out of our VM. We’ll continue using the esxcfg-firewall command, as it’s the primary interface to the ESX server/cluster firewall engine. The -o option opens a port and takes a comma-delimited set of parameters: the port number, the protocol (tcp or udp), the direction (in or out), and a friendly name, which exists only so that we can find our rules later:

esxcfg-firewall -o 3389,udp,in,LDAPUDPIN
esxcfg-firewall -o 3389,udp,out,LDAPUDPOUT
esxcfg-firewall -o 3389,tcp,in,LDAPTCPIN
esxcfg-firewall -o 3389,tcp,out,LDAPTCPOUT
esxcfg-firewall -o 25,tcp,in,SMTPTCPIN
esxcfg-firewall -o 25,tcp,out,SMTPTCPOUT
esxcfg-firewall -o 25,udp,out,SMTPUDPOUT
esxcfg-firewall -o 25,udp,in,SMTPUDPIN
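
The following sketch is an added example, not part of the original post: it checks each port,protocol,direction,name spec before it reaches esxcfg-firewall -o and prints the matching esxcfg-firewall -c (close port) command so every opened port has a rollback line. The helper names valid_spec and plan_rule and the restriction on name characters are assumptions of this example; nothing is executed against the firewall.

```shell
#!/bin/sh
# Added example, not from the original post. Nothing here touches the
# firewall: commands are only printed for review.
# valid_spec and plan_rule are hypothetical helper names.

# valid_spec SPEC: succeed only if SPEC is "port,tcp|udp,in|out,name".
# The body runs in a subshell (parentheses) so the IFS and globbing
# changes do not leak into the caller.
valid_spec() (
    set -f                      # no filename expansion while splitting
    IFS=,
    set -- $1                   # split the spec on commas
    [ $# -eq 4 ] || exit 1
    case $1 in ''|*[!0-9]*) exit 1 ;; esac      # port: digits only
    [ ${#1} -le 5 ] || exit 1                   # keep the integer test in range
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] || exit 1
    case $2 in tcp|udp) ;; *) exit 1 ;; esac
    case $3 in in|out) ;; *) exit 1 ;; esac
    # Assumption of this example: names use letters, digits, underscore.
    case $4 in ''|*[!A-Za-z0-9_]*) exit 1 ;; esac
    exit 0
)

# plan_rule SPEC: print the open command and its rollback (close) command.
plan_rule() {
    if ! valid_spec "$1"; then
        echo "rejected: $1" >&2
        return 1
    fi
    echo "esxcfg-firewall -o $1"
    echo "esxcfg-firewall -c ${1%,*}"   # close takes the spec without the name
}

# The eight specs from the post, plus one constructed malformed spec.
for spec in \
    3389,udp,in,LDAPUDPIN 3389,udp,out,LDAPUDPOUT \
    3389,tcp,in,LDAPTCPIN 3389,tcp,out,LDAPTCPOUT \
    25,tcp,in,SMTPTCPIN 25,tcp,out,SMTPTCPOUT \
    25,udp,out,SMTPUDPOUT 25,udp,in,SMTPUDPIN \
    25,tcp,inn,TYPO
do
    plan_rule "$spec" || true
done
```

After applying the reviewed commands, esxcfg-firewall -q shows whether the resulting rule set matches the plan.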