esxcfg-firewall
Section: Maintenance Commands (8)
BSD mandoc
VMware ESX 4.0
NAME
esxcfg-firewall - VMware ESX Firewall Configuration Tool
SYNOPSIS
esxcfg-firewall OPTIONS
DESCRIPTION
esxcfg-firewall provides an interface to query and modify the service console firewall settings.
OPTIONS
-q, --query
    Displays the current firewall settings.
-q, --query service name
    Displays the state of the specified service.
-q, --query incoming|outgoing
    Displays whether incoming/outgoing ports are blocked by default.
-s, --services
    Lists the known firewall services.
-l, --load
    Loads the current firewall settings.
-r, --resetDefaults
    Resets all firewall parameters to their default values.
--blockIncoming
    Block all incoming connections on non-required ports. This is the default.
--blockOutgoing
    Block all outgoing connections on non-required ports. This is the default.
--allowIncoming
    Allow incoming connections on all ports.
--allowOutgoing
    Allow outgoing connections on all ports.
-e, --enableService service
    Opens the ports in the firewall required by the specified service.
-d, --disableService service
    Closes the ports in the firewall required by the specified service.
-o, --openPort port,tcp|udp,in|out,name
    Opens a port in the firewall.
-c, --closePort port,tcp|udp,in|out
    Closes a port previously opened by --openPort.
--ipruleAdd host,cport,tcp|udp,REJECT|DROP|ACCEPT,name
    Adds a rule to block or allow hosts access to a specific COS service. "cport" can be given as a range "a:b" (e.g. 0:65535 stands for all ports); "host" can be given as "a/b" (e.g. 0.0.0.0/0 stands for all hosts), the same as in iptables.
--ipruleDel host,cport,tcp|udp,REJECT|DROP|ACCEPT
    Deletes a rule previously added by --ipruleAdd.
--moduleAdd modulename
    Loads the specified iptables module, and updates the firewall configuration to reload it on startup.
--moduleDel modulename
    Removes the specified iptables module, and removes it from the firewall configuration.
-h, --help
    Prints a brief usage message.
EXAMPLES
    esxcfg-firewall --query sshClient
    esxcfg-firewall --openPort 873,tcp,in,"rsync"
    esxcfg-firewall --enableService sshClient
To allow only one host to access a specified port of the COS:
    esxcfg-firewall --ipruleAdd 0.0.0.0/0,902,tcp,REJECT,"block_902"
    esxcfg-firewall --ipruleAdd 192.168.1.1,902,tcp,ACCEPT,"allow_one"
To allow one host to access all ports of the COS:
    esxcfg-firewall --ipruleAdd 192.168.1.1,0:65535,tcp,ACCEPT,"allports"
To block one host from accessing one port of the COS:
    esxcfg-firewall --ipruleAdd 192.168.1.1,22,tcp,DROP,"blockone"
To add or delete the "ip_conntrack_ftp" iptables module:
    esxcfg-firewall --moduleAdd ip_conntrack_ftp
    esxcfg-firewall --moduleDel ip_conntrack_ftp
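Added example (not part of the original man page or of VMware's tooling): a POSIX shell pre-flight check for --ipruleAdd specs, following the host,cport,tcp|udp,REJECT|DROP|ACCEPT,name layout described under OPTIONS, that also flags an ACCEPT rule open to all hosts. The function names, return codes and the last two sample specs are assumptions of this example; it does not call esxcfg-firewall.

```shell
#!/bin/sh
# Added example: lint an --ipruleAdd spec (host,cport,tcp|udp,REJECT|DROP|ACCEPT,name).
# Function names and return codes are assumptions of this example, not part of esxcfg-firewall.

valid_port() {                       # decimal integer 0..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

valid_host() {                       # dotted-quad IPv4, optional /prefix; sets $prefix
    addr=${1%%/*}; prefix=32
    if [ "$addr" != "$1" ]; then
        prefix=${1#*/}
        case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
        [ "${#prefix}" -le 2 ] && [ "$prefix" -le 32 ] || return 1
    fi
    case "$addr" in *[!0-9.]*|*.*.*.*.*|.*|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Prints a verdict; returns 0 (ok), 1 (valid but risky), 2 (malformed).
check_iprule() {
    case "$1" in *,*,*,*,*,*) echo "error: expected 5 fields"; return 2 ;; esac
    old_ifs=$IFS; IFS=,; set -f; set -- $1; set +f; IFS=$old_ifs
    [ "$#" -eq 5 ] || { echo "error: expected 5 fields"; return 2; }
    host=$1 cport=$2 proto=$3 target=$4 name=$5
    lo=${cport%%:*}; hi=${cport#*:}          # a single port "22" gives lo=hi=22
    valid_host "$host" || { echo "error: bad host '$host'"; return 2; }
    { valid_port "$lo" && valid_port "$hi" && [ "$lo" -le "$hi" ]; } ||
        { echo "error: bad cport '$cport'"; return 2; }
    case "$proto" in tcp|udp) ;; *) echo "error: bad protocol '$proto'"; return 2 ;; esac
    case "$target" in REJECT|DROP|ACCEPT) ;; *) echo "error: bad target '$target'"; return 2 ;; esac
    if [ "$target" = ACCEPT ] && [ "$prefix" -eq 0 ]; then   # /0 matches every source
        echo "warn: ACCEPT from all hosts"; return 1
    fi
    echo "ok"
}

# Sample specs: the first three are from the EXAMPLES section, the last two are constructed.
for spec in '0.0.0.0/0,902,tcp,REJECT,block_902' '192.168.1.1,902,tcp,ACCEPT,allow_one' \
            '192.168.1.1,0:65535,tcp,ACCEPT,allports' '0.0.0.0/0,0:65535,tcp,ACCEPT,open' \
            '192.168.1.1,70000,tcp,DROP,typo'; do
    printf '%-45s %s\n' "$spec" "$(check_iprule "$spec")"
done
```

A spec that returns 0 can be passed unchanged as the argument to --ipruleAdd; the check covers only the syntax and the all-hosts ACCEPT case, not how the rule interacts with rules already loaded.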
COPYRIGHT
VMware ESX is Copyright 1998-2009 VMware, Inc. All rights reserved.
This document was created by man2html, using the manual pages. Brought to you by Bouke Groenescheij, www.jume.nl
Time: 15:25:08 GMT, May 26, 2009