Channel: VMware Communities: Message List

Re: Editing firewall rules on ESXi 5


Hi vaysala


Take a look at these links; I copied the example they cite for you.


I hope it helps; if you have any questions, we're here.

Diego Quintana


Creating custom firewall rules in VMware ESXi 5.0

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2008226


  1. Open an SSH connection to the host. For more information, see Using ESXi Shell in ESXi 5.0 (2004746).

  2. List the firewall rules by running the command:

    # esxcli network firewall ruleset list

    Name            Enabled
    --------------  -----------------
    sshServer       true
    sshClient       false
    nfsClient       true
    dhcp            true
    dns             true
    snmp            true
    ntpClient       false
    CIMHttpServer   true
    CIMHttpsServer  true
    CIMSLP          true
    iSCSI           true


    Note: On the vSphere Client, the DNS service is open on port 53 for UDP only.

To enable the DNS service on port 53 for TCP:

  1. Back up the /etc/vmware/firewall/service.xml file by running the command:

    # cp /etc/vmware/firewall/service.xml /etc/vmware/firewall/service.xml.bak

  2. Modify the access permissions of the service.xml file to allow writes by running the chmod command:

    To allow writes:

    # chmod 644 /etc/vmware/firewall/service.xml

    To toggle the sticky bit flag:

    # chmod +t /etc/vmware/firewall/service.xml

  3. Open the service.xml file in a text editor.

  4. Add this rule to the service.xml file:

    <service id="0032">
      <id>DNSTCPOut</id>
      <rule id='0000'>
        <direction>outbound</direction>
        <protocol>tcp</protocol>
        <porttype>dst</porttype>
        <port>53</port>
      </rule>
      <enabled>true</enabled>
      <required>false</required>
    </service>


    Rule set configuration file example:

    <ConfigRoot>
      <service id='0000'>
        <id>serviceName</id>
        <rule id='0000'>
          <direction>inbound</direction>
          <protocol>tcp</protocol>
          <porttype>dst</porttype>
          <port>80</port>
        </rule>
        <rule id='0001'>
          <direction>inbound</direction>
          <protocol>tcp</protocol>
          <porttype>src</porttype>
          <port>
            <begin>1020</begin>
            <end>1050</end>
          </port>
        </rule>
        <enabled>true</enabled>
        <required>false</required>
      </service>
    </ConfigRoot>


    For more information, see the Rule Set Configuration Files section of the vSphere 5.0 Security Guide.

  5. Revert the access permissions of the service.xml file to the read-only default by running the command:

    # chmod 444 /etc/vmware/firewall/service.xml

  6. Refresh the firewall rules for the changes to take effect by running the command:

    # esxcli network firewall refresh

    or

    # localcli network firewall refresh

    Note: This setting does not persist after a reboot. To make it persist, see Changing the port used by SSH on an ESXi 5.0 host (2011818).

  7. List the rules again to confirm by running the command:

    # esxcli network firewall ruleset list

    Name            Enabled
    --------------  -----------------
    sshServer       true
    sshClient       false
    nfsClient       true
    dhcp            true
    dns             true
    snmp            true
    ntpClient       false
    CIMHttpServer   true
    CIMHttpsServer  true
    CIMSLP          true
    iSCSI           true
    DNSTCPOut       true
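Since step 4 is a hand edit of service.xml, an easy mistake is a duplicate service name or a colliding service id. The following is an added example (not from the KB article or from the poster) that parses a ConfigRoot rule set in the format shown above, lists its services, and appends a one-rule outbound TCP service such as DNSTCPOut with the next free id; the sample XML is constructed for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the ConfigRoot format shown above (not a real service.xml).
SAMPLE_SERVICE_XML = """<ConfigRoot>
<service id='0000'>
<id>sshServer</id>
<rule id='0000'>
<direction>inbound</direction>
<protocol>tcp</protocol>
<porttype>dst</porttype>
<port>22</port>
</rule>
<enabled>true</enabled>
<required>false</required>
</service>
</ConfigRoot>"""

def list_services(xml_text):
    """Return (service id attribute, <id> name, enabled flag) for each service."""
    root = ET.fromstring(xml_text)
    return [(s.get("id"), s.findtext("id"), s.findtext("enabled") == "true")
            for s in root.findall("service")]

def add_outbound_tcp_service(xml_text, name, port):
    """Append a single-rule outbound TCP service like the DNSTCPOut entry.

    Refuses to add a service name that already exists and picks the next free
    four-digit service id, so two hand-edited entries cannot collide.
    """
    root = ET.fromstring(xml_text)
    if name in {s.findtext("id") for s in root.findall("service")}:
        raise ValueError(f"service {name!r} is already defined")
    used = {int(s.get("id")) for s in root.findall("service")}
    new_id = f"{max(used, default=-1) + 1:04d}"
    svc = ET.SubElement(root, "service", id=new_id)
    ET.SubElement(svc, "id").text = name
    rule = ET.SubElement(svc, "rule", id="0000")
    for tag, text in (("direction", "outbound"), ("protocol", "tcp"),
                      ("porttype", "dst"), ("port", str(port))):
        ET.SubElement(rule, tag).text = text
    ET.SubElement(svc, "enabled").text = "true"
    ET.SubElement(svc, "required").text = "false"
    return ET.tostring(root, encoding="unicode")
```

Run it against a backup copy of /etc/vmware/firewall/service.xml and write the result back only after reviewing the diff; the refresh in step 6 is still required for the host to load it.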
