ESXi 5.5 配置firewall rule只允许特定的IP地址或者网段访问SSH和SNMP服务
只允许特定的IP地址或者IP段能够获取ESXi的SNMP的数据
You can change the firewall rule to only allow a specific subnet or host if you would like to.
esxcli network firewall ruleset set --ruleset-id snmp --allowed-all false
esxcli network firewall ruleset allowedip add --ruleset-id snmp --ip-address 192.168.12.0/24
esxcli network firewall ruleset set --ruleset-id snmp --enabled true
/etc/init.d/snmpd restart
只允许特定的IP地址或者IP段能够访问SSH服务
esxcli network firewall ruleset list
esxcli network firewall ruleset set --ruleset-id sshServer --allowed-all false
esxcli network firewall ruleset allowedip add --ruleset-id sshServer --ip-address 192.168.66.0/24
esxcli network firewall ruleset allowedip add --ruleset-id sshServer --ip-address 192.168.12.0/24
esxcli network firewall ruleset set --ruleset-id sshServer --enabled true
/etc/init.d/SSH restart
防火墙保存位置/etc/vmware/firewall/
chmod 744 /etc/vmware/firewall/service.xml
chmod +t /etc/vmware/firewall/service.xml
Refresh the firewall rules for the changes to take effect by running the command:
esxcli network firewall refresh
or
localcli network firewall refresh
reboot -f 重启ESXi,非必要步骤。