Last active: November 18, 2023 21:24
Adding ESXI v7 Persistent Firewall Rule
#!/bin/sh
# local configuration options
# Note: modify at your own risk! If you do/use anything in this
# script that is not part of a stable API (relying on files to be in
# specific places, specific tools, specific output, etc) there is a
# possibility you will end up with a broken system after patching or
# upgrading. Changes are not supported unless under direction of
# VMware support.
# Note: This script will not be run when UEFI secure boot is enabled.
#
# This is /etc/rc.local.d/local.sh. ESXi keeps that file across reboots,
# while custom rule-set XML dropped into /etc/vmware/firewall is lost, so
# the rule-set files are rewritten here on every boot and the firewall is
# told to reload them. Each file is one <service> with a unique <id>;
# <enabled>true</enabled> turns the rule set on at load time and
# <required>false</required> lets an admin disable it later with esxcli.

# Logging: inbound UDP 5140 (syslog) and 2055 (the usual NetFlow port).
/bin/cat > /etc/vmware/firewall/logging.xml << 'EOF'
<ConfigRoot>
  <!-- Logging Ports for communication -->
  <service>
    <id>logging-ports</id>
    <rule id='0000'>
      <direction>inbound</direction>
      <protocol>udp</protocol>
      <porttype>dst</porttype>
      <port>
        <begin>5140</begin>
        <end>5140</end>
      </port>
    </rule>
    <rule id='0001'>
      <direction>inbound</direction>
      <protocol>udp</protocol>
      <porttype>dst</porttype>
      <port>
        <begin>2055</begin>
        <end>2055</end>
      </port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
</ConfigRoot>
EOF

# Kubernetes API server: TCP 6443 in both directions.
/bin/cat > /etc/vmware/firewall/k8s.xml << 'EOF'
<ConfigRoot>
  <!-- Kubernetes Ports for communication -->
  <service>
    <id>kubernetes-ports</id>
    <rule id='0000'>
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>
        <begin>6443</begin>
        <end>6443</end>
      </port>
    </rule>
    <rule id='0001'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>
        <begin>6443</begin>
        <end>6443</end>
      </port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
</ConfigRoot>
EOF

# Reload all rule-set files under /etc/vmware/firewall without a reboot.
/sbin/esxcli network firewall refresh
exit 0
I figured it out. Thank you so much for getting back to me. It's the darn VBS; even though I unchecked it and thought I removed the settings off of the VM, it was still persistent. I had to rebuild the VM and that resolved my issue.
You should be able to modify begin/end to the port range that you are looking for. It may be blocking you because 49152-65535 are generally reserved for client devices on the network. Can you share your config?