TIPS – Create custom firewall rules in VMware ESXi

By | 16 May 2017

Hi guys!

In this post I'll explain how to create custom firewall rules in VMware ESXi 6.0.

How does it work?

To access the firewall configurations, you can use the following esxcli namespace: esxcli network firewall.

To list the default firewall rules, you can run the following command:

[Screenshot: list of firewall rules and their state]

This output shows all the rules that are configured on your ESX host and their state.

How to create a custom firewall rule?

If you want to create your own rules, you need to create a new XML file. You can use the fdm.xml file in /etc/vmware/firewall as a template.

In my case, I need to create a specific rule to send an email when my backup is finished. To do this, follow these steps:

1. Copy the fdm.xml to a new file

2. Edit the new file and insert your configuration

[Screenshot: the edited XML file]

In the following example, I have created a new firewall rule called “smtp” that opens port 25 over TCP for outbound traffic.

Next you will need to reload the firewall by performing a “refresh” operation and then list the rules again using the following commands:

[Screenshot: firewall refresh and rule listing]

You can also verify the individual rules of our new firewall rule/service by running the following command and grepping for the rule in question:

[Screenshot: rule listing filtered for the new rule]

The new firewall rule is also viewable under the host configuration section “Security Profile” using the vSphere Web Client:

[Screenshot: Security Profile in the vSphere Web Client]

/!\ Just a note! With this method, your rule will not persist if you restart your server. If you want it to persist, you can read this post. /!\
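
The steps above as one script for the ESXi shell, added here as an example and not taken from the original post. It writes the file directly instead of copying fdm.xml; the file name smtp.xml and the relay address 192.0.2.25 are assumptions, and the allowed-IP restriction goes beyond the post by limiting the outbound rule to a single mail relay.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumed names: smtp.xml (file name) and RELAY_IP (constructed placeholder).
FW_DIR="${FW_DIR:-/etc/vmware/firewall}"   # directory named in the post
RELAY_IP="${RELAY_IP:-192.0.2.25}"         # replace with your mail relay

# Write the ruleset definition: outbound TCP to destination port 25.
write_smtp_ruleset() {
    dir="$1"
    cat > "$dir/smtp.xml" <<'EOF'
<ConfigRoot>
  <service>
    <id>smtp</id>
    <rule id='0000'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>25</port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
</ConfigRoot>
EOF
}

# Reload the firewall, confine the rule to the relay, then show the result.
apply_smtp_ruleset() {
    esxcli network firewall refresh
    # Without these two commands the ruleset allows any remote address.
    esxcli network firewall ruleset set --ruleset-id smtp --allowed-all false
    esxcli network firewall ruleset allowedip add --ruleset-id smtp --ip-address "$RELAY_IP"
    # Ruleset state, then its individual rules (port, protocol, direction).
    esxcli network firewall ruleset list | grep smtp
    esxcli network firewall ruleset rule list | grep smtp
}

# Only touch the host when esxcli is present, i.e. in an ESXi shell.
if command -v esxcli >/dev/null 2>&1; then
    write_smtp_ruleset "$FW_DIR" && apply_smtp_ruleset
fi
```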

Thx for reading 🙂
