VMware ESX Server 3: configure the firewall

The service console in ESX 3.x has a firewall enabled by default. The packet filtering built into Red Hat Linux is iptables. Because managing iptables directly is not entirely straightforward, the esxcfg-firewall command makes things a load easier. The firewall rules are stored in /etc/vmware/esx.conf, but we don't edit this file by hand; we use the command instead, which also ensures the file is locked while we make our edits. If you are interested in the iptables commands run behind the scenes, you can inspect the log file /var/log/vmware/esxcfg-firewall.log.

We use the esxcfg-firewall command to view and configure the firewall rules. The switch you will use most often is -q, which queries the firewall for its current settings:

esxcfg-firewall -q

To start / stop the firewall:

service firewall start
service firewall stop

Add the SNMP rules (port 161 inbound for SNMP queries, port 162 outbound for traps):

esxcfg-firewall -o 161,tcp,in,SNMP
esxcfg-firewall -o 161,udp,in,SNMP
esxcfg-firewall -o 162,tcp,out,SNMP_TRAP
esxcfg-firewall -o 162,udp,out,SNMP_TRAP
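As an added example (not from the original post), the following POSIX sh script builds and sanity-checks the port,protocol,direction,name argument that esxcfg-firewall -o takes, and prints the resulting command line instead of running it, so a batch of rules can be reviewed against what you intended to open before anything is applied on the host. The function names fw_rule_spec and fw_open_cmd and the sample rule list are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: validate the
# <port,proto,direction,name> argument expected by esxcfg-firewall -o
# before it is handed to the service console, and print the command
# rather than executing it. fw_rule_spec and fw_open_cmd are names
# chosen for this example.

# fw_rule_spec PORT PROTO DIRECTION NAME
# Prints "PORT,PROTO,DIRECTION,NAME" and returns 0 when every field is
# acceptable; prints the reason on stderr and returns 1 otherwise.
fw_rule_spec() {
    port=$1 proto=$2 dir=$3 name=$4

    # Port must be a plain integer in 1..65535.
    case $port in
        ''|*[!0-9]*) echo "bad port: '$port'" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi

    # Only tcp or udp make sense for this switch.
    case $proto in
        tcp|udp) ;;
        *) echo "bad protocol: '$proto' (expected tcp|udp)" >&2; return 1 ;;
    esac

    # Direction is relative to the service console: in = inbound, out = outbound.
    case $dir in
        in|out) ;;
        *) echo "bad direction: '$dir' (expected in|out)" >&2; return 1 ;;
    esac

    # The name is a label; restrict it to a safe token so it cannot smuggle
    # extra comma-separated fields into the argument.
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "bad name: '$name'" >&2; return 1 ;;
    esac

    printf '%s,%s,%s,%s\n' "$port" "$proto" "$dir" "$name"
}

# fw_open_cmd PORT PROTO DIRECTION NAME
# Prints the exact esxcfg-firewall command that would open the port.
# It does not run it, so the output can be diffed against an approved list.
fw_open_cmd() {
    spec=$(fw_rule_spec "$@") || return 1
    printf 'esxcfg-firewall -o %s\n' "$spec"
}

# Constructed sample input: the four SNMP rules from the post plus one rule
# with a mistyped protocol, which must be rejected rather than applied.
for rule in "161 tcp in SNMP" "161 udp in SNMP" \
            "162 tcp out SNMP_TRAP" "162 udp out SNMP_TRAP" \
            "161 tpc in SNMP"; do
    # Word splitting of $rule into the four arguments is intended here.
    fw_open_cmd $rule || echo "REJECTED: $rule"
done
```

Running the script prints the four commands from the post and a REJECTED line for the mistyped rule; pipe the accepted lines into sh on the host only after reviewing them.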
