Preface
At a customer site I ran into an ESXi host that had disconnected from vCenter and could not be logged into as a single host through the Web Client either. The ESXi firewall had to be operated by hand from the command line, so I am recording the commands used to operate the ESXi firewall here.
Command details
1. Check the local firewall status
[root@esxi02:~] esxcli network firewall get
Default Action: DROP
Enabled: true
Loaded: true
2. Enable or disable the ESXi firewall
[root@esxi02:~] esxcli network firewall set --enabled false
[root@esxi02:~] esxcli network firewall get
Default Action: DROP
Enabled: false
Loaded: true
[root@esxi02:~] esxcli network firewall set --enabled true
[root@esxi02:~] esxcli network firewall get
Default Action: DROP
Enabled: true
Loaded: true
3. Destroy the filters and unload the firewall module
[root@esxi02:~] esxcli network firewall unload
4. Load the firewall module and the ruleset configuration files
[root@esxi02:~] esxcli network firewall load
5. List ruleset information
[root@esxi02:~] esxcli network firewall ruleset list
Name Enabled
----------------------------- -------
sshServer true
sshClient true
nfsClient false
nfs41Client false
dhcp true
dns true
snmp true
ntpClient true
CIMHttpServer true
CIMHttpsServer true
CIMSLP true
iSCSI true
vpxHeartbeats true
updateManager true
faultTolerance true
webAccess true
vMotion true
vSphereClient true
activeDirectoryAll false
NFC true
HBR true
ftpClient false
httpClient false
gdbserver false
DVFilter true
DHCPv6 true
DVSSync true
syslog true
WOL true
vSPC false
remoteSerialPort false
rdt true
cmmds true
vsanvp true
rabbitmqproxy true
ipfam false
vvold false
iofiltervp true
esxupdate false
vit false
vsanEncryption false
pvrdma false
hyperbus true
bfdDP true
bridgeHA true
vShield-Endpoint-Mux true
vShield-Endpoint-Mux-Partners false
nsxOverlay true
nsxRMQ false
nsx-mpa true
nsx-opsagent true
nsxProxyRule true
nsxMPAPI true
fdm false
vsanhealth-unicasttest false
6. Enable a ruleset
[root@esxi02:~] esxcli network firewall ruleset set --enabled true --ruleset-id=sshClient
7. Disable a ruleset
[root@esxi02:~] esxcli network firewall ruleset set --enabled false --ruleset-id=sshClient
8. List the IP addresses allowed for the specified ruleset
[root@esxi02:~] esxcli network firewall ruleset allowedip list
Ruleset Allowed IP Addresses
----------------------------- --------------------
sshServer All
sshClient All
nfsClient All
nfs41Client All
dhcp All
dns All
snmp All
ntpClient All
CIMHttpServer All
CIMHttpsServer All
CIMSLP All
iSCSI All
vpxHeartbeats All
updateManager All
faultTolerance All
webAccess All
vMotion All
vSphereClient All
activeDirectoryAll All
NFC All
HBR All
ftpClient All
httpClient All
gdbserver All
DVFilter All
DHCPv6 All
DVSSync All
syslog All
WOL All
vSPC All
remoteSerialPort All
rdt All
cmmds All
vsanvp All
rabbitmqproxy All
ipfam All
vvold All
iofiltervp All
esxupdate All
vit All
vsanEncryption All
pvrdma All
hyperbus All
bfdDP All
bridgeHA All
vShield-Endpoint-Mux All
vShield-Endpoint-Mux-Partners All
nsxOverlay All
nsxRMQ All
nsx-mpa All
nsx-opsagent All
nsxProxyRule All
nsxMPAPI All
fdm All
vsanhealth-unicasttest All
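An added example that is not part of the original post: it joins the ruleset list from step 5 with the allowed-IP list from step 8 and reports every ruleset that is enabled and still accepts connections from any source address, which is the check worth running once the firewall has been switched back on after a recovery like the one above. The embedded esxcli output is a constructed sample and the function names are my own.

```shell
#!/bin/sh
# Audit helper: report enabled rulesets whose allowed-IP list is "All".
# The two strings below are constructed samples in the format printed by
# "esxcli network firewall ruleset list" and "... ruleset allowedip list";
# they were not captured from a real host.
RULESET_LIST='Name           Enabled
-------------- -------
sshServer      true
sshClient      false
webAccess      true
gdbserver      false
vSphereClient  true'

ALLOWEDIP_LIST='Ruleset        Allowed IP Addresses
-------------- --------------------
sshServer      All
sshClient      All
webAccess      10.0.0.0/24
gdbserver      All
vSphereClient  All'

# open_rulesets <ruleset list output> <allowedip list output>
# Prints, one per line, every ruleset that is Enabled=true AND allows "All".
# Disabled rulesets (gdbserver) and rulesets already pinned to a subnet
# (webAccess) are not reported.
open_rulesets() {
    rulesets=$1
    allowed=$2
    # Skip the header and the dashed separator; keep names with Enabled == true.
    printf '%s\n' "$rulesets" | awk 'NR > 2 && $2 == "true" { print $1 }' |
    while read -r name; do
        # Second column of the matching allowedip row: "All" or the first address.
        ip=$(printf '%s\n' "$allowed" | awk -v n="$name" '$1 == n { print $2 }')
        if [ "$ip" = "All" ]; then
            printf '%s\n' "$name"
        fi
    done
}

# Count of such rulesets; a single number to compare before and after tightening.
count_open_rulesets() {
    open_rulesets "$1" "$2" | wc -l | tr -d ' '
}

open_rulesets "$RULESET_LIST" "$ALLOWEDIP_LIST"
```

On a live host, pass the real output of the two commands instead: open_rulesets "$(esxcli network firewall ruleset list)" "$(esxcli network firewall ruleset allowedip list)". A flagged ruleset can be restricted to a management subnet with esxcli network firewall ruleset set --allowed-all false --ruleset-id <id> followed by esxcli network firewall ruleset allowedip add --ruleset-id <id> --ip-address <subnet>.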
9. List the rules of every ruleset in the firewall
[root@esxi02:~] esxcli network firewall ruleset rule list
Ruleset Direction Protocol Port Type Port Begin Port End
----------------------------- --------- -------- --------- ---------- --------
sshServer Inbound TCP Dst 22 22
sshClient Outbound TCP Dst 22 22
nfsClient Outbound TCP Dst 0 65535
nfs41Client Outbound TCP Dst 0 65535
dhcp Inbound UDP Dst 68 68
dhcp Outbound UDP Src 68 68
dns Inbound UDP Dst 53 53
dns Outbound UDP Dst 53 53
dns Outbound TCP Dst 53 53
snmp Inbound UDP Dst 161 161
ntpClient Outbound UDP Dst 123 123
CIMHttpServer Inbound TCP Dst 5988 5988
CIMHttpsServer Inbound TCP Dst 5989 5989
CIMSLP Inbound UDP Dst 427 427
CIMSLP Outbound UDP Dst 427 427
CIMSLP Inbound TCP Dst 427 427
CIMSLP Outbound TCP Dst 427 427
iSCSI Outbound TCP Dst 3260 3260
vpxHeartbeats Outbound UDP Dst 902 902
updateManager Outbound TCP Dst 80 80
updateManager Outbound TCP Dst 9000 9100
faultTolerance Outbound TCP Dst 80 80
faultTolerance Inbound TCP Dst 8300 8300
faultTolerance Outbound TCP Dst 8300 8300
webAccess Inbound TCP Dst 80 80
vMotion Inbound TCP Dst 8000 8000
vMotion Outbound TCP Dst 8000 8000
vSphereClient Inbound TCP Dst 902 902
vSphereClient Inbound TCP Dst 443 443
activeDirectoryAll Outbound UDP Dst 88 88
activeDirectoryAll Outbound TCP Dst 88 88
activeDirectoryAll Outbound UDP Dst 123 123
activeDirectoryAll Outbound UDP Dst 137 137
activeDirectoryAll Outbound TCP Dst 139 139
activeDirectoryAll Outbound TCP Dst 389 389
activeDirectoryAll Outbound UDP Dst 389 389
activeDirectoryAll Outbound TCP Dst 445 445
activeDirectoryAll Outbound UDP Dst 464 464
activeDirectoryAll Outbound TCP Dst 464 464
activeDirectoryAll Outbound TCP Dst 3268 3268
activeDirectoryAll Outbound TCP Dst 7476 7476
activeDirectoryAll Inbound TCP Dst 2020 2020
NFC Inbound TCP Dst 902 902
NFC Outbound TCP Dst 902 902
HBR Outbound TCP Dst 31031 31031
HBR Outbound TCP Dst 44046 44046
ftpClient Outbound TCP Dst 21 21
ftpClient Inbound TCP Src 20 20
httpClient Outbound TCP Dst 80 80
httpClient Outbound TCP Dst 443 443
gdbserver Inbound TCP Dst 1000 9999
gdbserver Inbound TCP Dst 50000 50999
DVFilter Inbound TCP Dst 2222 2222
DHCPv6 Outbound TCP Dst 547 547
DHCPv6 Inbound TCP Dst 546 546
DHCPv6 Outbound UDP Dst 547 547
DHCPv6 Inbound UDP Dst 546 546
DVSSync Outbound UDP Dst 8302 8302
DVSSync Inbound UDP Dst 8301 8301
DVSSync Outbound UDP Dst 8301 8301
DVSSync Inbound UDP Dst 8302 8302
syslog Outbound UDP Dst 514 514
syslog Outbound TCP Dst 514 514
syslog Outbound TCP Dst 1514 1514
WOL Outbound UDP Dst 9 9
vSPC Outbound TCP Dst 0 65535
remoteSerialPort Outbound TCP Dst 0 65535
remoteSerialPort Inbound TCP Dst 23 23
remoteSerialPort Inbound TCP Dst 1024 65535
rdt Inbound TCP Dst 2233 2233
rdt Outbound TCP Dst 2233 2233
cmmds Inbound UDP Dst 12345 12345
cmmds Inbound UDP Dst 23451 23451
cmmds Outbound UDP Dst 12345 12345
cmmds Outbound UDP Dst 23451 23451
cmmds Inbound UDP Dst 12321 12321
cmmds Outbound UDP Dst 12321 12321
vsanvp Inbound TCP Dst 8080 8080
vsanvp Outbound TCP Dst 8080 8080
rabbitmqproxy Outbound TCP Dst 5671 5671
ipfam Inbound UDP Dst 6999 6999
ipfam Outbound UDP Dst 6999 6999
vvold Outbound TCP Dst 0 65535
iofiltervp Inbound TCP Dst 9080 9080
esxupdate Outbound TCP Dst 443 443
vit Inbound TCP Dst 3260 3260
vsanEncryption Outbound TCP Dst 0 65535
pvrdma Outbound TCP Dst 28250 28761
pvrdma Inbound TCP Dst 28250 28761
hyperbus Outbound TCP Dst 2345 2345
bfdDP Outbound UDP Dst 3784 3784
bridgeHA Outbound UDP Dst 20162 20162
bridgeHA Inbound UDP Dst 20162 20162
vShield-Endpoint-Mux Outbound TCP Dst 48651 48666
vShield-Endpoint-Mux-Partners Outbound TCP Dst 4413 4413
nsxOverlay Outbound UDP Dst 6081 6081
nsxRMQ Outbound TCP Dst 5671 5671
nsx-mpa Outbound TCP Dst 5671 5671
nsx-opsagent Outbound UDP Dst 4754 4754
nsxProxyRule Outbound TCP Dst 1235 1235
nsxProxyRule Outbound TCP Dst 1234 1234
nsxMPAPI Outbound TCP Dst 443 443
fdm Inbound TCP Dst 8182 8182
fdm Outbound TCP Dst 8182 8182
fdm Inbound UDP Dst 8182 8182
fdm Outbound UDP Dst 8182 8182
vsanhealth-unicasttest Outbound UDP Dst 5201 5201
vsanhealth-unicasttest Inbound UDP Dst 5201 5201
vsanhealth-unicasttest Outbound TCP Dst 5201 5201
vsanhealth-unicasttest Inbound TCP Dst 5201 5201