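| Command | Description |
| --- | --- |
| esxcli network firewall get | Returns the enabled or disabled status of the firewall and lists the default action. |
| esxcli network firewall set --default-action | Set to true to set the default action to pass. Set to false to set the default action to drop. |
| esxcli network firewall set --enabled | Enables or disables the ESXi firewall. |
| esxcli network firewall load | Loads the firewall module and the ruleset configuration files. |
| esxcli network firewall refresh | If the firewall module is loaded, refreshes the firewall configuration by reading the ruleset files. |
| esxcli network firewall unload | Destroys the filters and unloads the firewall module. |
| esxcli network firewall ruleset list | Lists ruleset information. |
| esxcli network firewall ruleset set --allowed-all | Set to true to allow all access to all IP addresses. Set to false to use the list of allowed IP addresses. |
| esxcli network firewall ruleset set --enabled --ruleset-id= | Set "enabled" to true to enable the specified ruleset. Set "enabled" to false to disable the specified ruleset. |
| esxcli network firewall ruleset allowedip list | Lists the allowed IP addresses of the specified ruleset. |
| esxcli network firewall ruleset allowedip add | Allows access to the ruleset from the specified IP address or range of IP addresses. |
| esxcli network firewall ruleset allowedip remove | Removes access to the ruleset from the specified IP address or range of IP addresses. |
| esxcli network firewall ruleset rule list | Lists the rules of each ruleset in the firewall. |

Example: adding an allowed IP address to a firewall ruleset: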
[root@IDC01-Test-ESXi-107:~] esxcli network firewall ruleset list
Name Enabled
--------------------------- -------
sshServer true
sshClient false
nfsClient false
nfs41Client false
dhcp true
dns true
snmp true
ntpClient true
CIMHttpServer true
CIMHttpsServer true
CIMSLP true
iSCSI false
vpxHeartbeats true
updateManager true
faultTolerance true
webAccess true
vMotion true
vSphereClient true
activeDirectoryAll false
NFC true
HBR true
ftpClient false
httpClient false
gdbserver false
DVFilter true
DHCPv6 false
DVSSync true
syslog true
WOL true
vSPC false
remoteSerialPort false
rdt false
cmmds false
ipfam false
vvold false
iofiltervp true
esxupdate false
vit false
vsanEncryption false
pvrdma false
vic-engine false
etcdClientComm false
etcdPeerComm false
settingsd false
vdfs false
gstored false
trusted-infrastructure-kmxd false
iwarp-pm false
ptpd false
trusted-infrastructure-kmxa true
nvmetcp false
fdm true
vsanhealth-unicasttest false
dynamicruleset true
[root@IDC01-Test-ESXi-107:~] esxcli network firewall ruleset list | grep web
webAccess true
[root@IDC01-Test-ESXi-107:~] esxcli network firewall ruleset allowedip list
Ruleset Allowed IP Addresses
--------------------------- --------------------
sshServer All
sshClient All
nfsClient
nfs41Client All
dhcp All
dns All
snmp All
ntpClient All
CIMHttpServer All
CIMHttpsServer All
CIMSLP 10.172.10.0/24, 192.168.0.0/16
iSCSI All
vpxHeartbeats 10.172.10.0/24, 192.168.0.0/16
updateManager All
faultTolerance All
webAccess All
vMotion All
vSphereClient 192.168.0.0/16
activeDirectoryAll All
NFC All
HBR All
ftpClient All
httpClient All
gdbserver All
DVFilter All
DHCPv6 All
DVSSync All
syslog All
WOL All
vSPC All
remoteSerialPort All
rdt All
cmmds All
ipfam All
vvold All
iofiltervp All
esxupdate All
vit All
vsanEncryption All
pvrdma All
vic-engine All
etcdClientComm All
etcdPeerComm All
settingsd All
vdfs All
gstored All
trusted-infrastructure-kmxd All
iwarp-pm All
ptpd All
trusted-infrastructure-kmxa
nvmetcp All
fdm 10.172.10.0/24, 192.168.0.0/16
vsanhealth-unicasttest All
dynamicruleset All
[root@IDC01-Test-ESXi-107:~] esxcli
esxcli esxcli.py
[root@IDC01-Test-ESXi-107:~] esxcli
esxcli esxcli.py
[root@IDC01-Test-ESXi-107:~] esxcli network firewall ruleset allowedip add --ip-address=10.79.0.0/16 --ruleset-id=vSphereClient
[root@IDC01-Test-ESXi-107:~] esxcli network firewall ruleset allowedip list
Ruleset Allowed IP Addresses
--------------------------- --------------------
sshServer All
sshClient All
nfsClient
nfs41Client All
dhcp All
dns All
snmp All
ntpClient All
CIMHttpServer All
CIMHttpsServer All
CIMSLP 10.172.10.0/24, 192.168.0.0/16
iSCSI All
vpxHeartbeats 10.172.10.0/24, 192.168.0.0/16
updateManager All
faultTolerance All
webAccess All
vMotion All
vSphereClient 192.168.0.0/16, 10.79.0.0/16
activeDirectoryAll All
NFC All
HBR All
ftpClient All
httpClient All
gdbserver All
DVFilter All
DHCPv6 All
DVSSync All
syslog All
WOL All
vSPC All
remoteSerialPort All
rdt All
cmmds All
ipfam All
vvold All
iofiltervp All
esxupdate All
vit All
vsanEncryption All
pvrdma All
vic-engine All
etcdClientComm All
etcdPeerComm All
settingsd All
vdfs All
gstored All
trusted-infrastructure-kmxd All
iwarp-pm All
ptpd All
trusted-infrastructure-kmxa
nvmetcp All
fdm 10.172.10.0/24, 192.168.0.0/16
vsanhealth-unicasttest All
dynamicruleset All
[root@IDC01-Test-ESXi-107:~]
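
In the listings above, many rulesets are enabled while their allowed-IP column reads All. The following script is an added example, not part of the original page: it cross-checks the output of the two list commands and reports exactly those rulesets. The function names, the file names and the abridged sample data are constructed for illustration, and it assumes `awk` is available in the shell.

```shell
#!/bin/sh
# Added example: report rulesets that are enabled AND allow every source IP.
# On a host, save the output of `esxcli network firewall ruleset list` and
# `esxcli network firewall ruleset allowedip list` to files and pass both.

# Constructed sample, abridged from the listings above.
sample_rulesets() {
cat <<'EOF'
Name                         Enabled
---------------------------  -------
sshServer                    true
sshClient                    false
CIMSLP                       true
webAccess                    true
vSphereClient                true
trusted-infrastructure-kmxa  true
EOF
}

sample_allowedip() {
cat <<'EOF'
Ruleset                      Allowed IP Addresses
---------------------------  --------------------
sshServer                    All
sshClient                    All
CIMSLP                       10.172.10.0/24, 192.168.0.0/16
webAccess                    All
vSphereClient                192.168.0.0/16, 10.79.0.0/16
trusted-infrastructure-kmxa
EOF
}

# open_rulesets RULESET_FILE ALLOWEDIP_FILE
# Prints one name per line where Enabled is "true" and the allowed list is "All".
open_rulesets() {
    awk '
        FNR <= 2  { next }                     # header and dashed separator
        NR == FNR { enabled[$1] = $2; next }   # first file: name -> true/false
        enabled[$1] == "true" && $2 == "All" { print $1 }
    ' "$1" "$2"
}

# Demo on the constructed sample.
tmp=$(mktemp -d)
sample_rulesets  > "$tmp/rs.txt"
sample_allowedip > "$tmp/ip.txt"
open_rulesets "$tmp/rs.txt" "$tmp/ip.txt"
rm -rf "$tmp"
```

For a ruleset this reports, the table above gives the restriction path: set `--allowed-all` to false for that `--ruleset-id`, then add the permitted networks with `allowedip add`.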