ESXi ESXCLI Firewall Commands

You can use the ESXi Shell or ESXCLI commands to configure ESXi at the command line to automate a firewall configuration.

NOTE: You can only manage predefined ports. To create custom firewall ports you need to create XML file

Command	Description
esxcli network firewall get	Return the enabled or disabled status of the firewall and lists default actions.
esxcli network firewall set –default-action	Set to true to set the default action to pass. Set to false to set the default action to drop.
esxcli network firewall set –enabled	Enable or disable the ESXi firewall.
esxcli network firewall load	Load the firewall module and rule set configuration files.
esxcli network firewall refresh	Refresh the firewall configuration by reading the rule set files if the firewall module is loaded.
esxcli network firewall unload	Destroy filters and unload the firewall module.
esxcli network firewall ruleset list	List rule sets information.
esxcli network firewall ruleset set –allowed-all	Set to true to allow all access to all IPs. Set to false to use a list of allowed IP addresses.
esxcli network firewall ruleset set –enabled –ruleset-id=<string>	Set enabled to true to enable the specified ruleset. Set enabled to false to disable the specified ruleset.
esxcli network firewall ruleset allowedip list	List the allowed IP addresses of the specified rule set.
esxcli network firewall ruleset allowedip add	Allow access to the rule set from the specified IP address or range of IP addresses.
esxcli network firewall ruleset allowedip remove	Remove access to the rule set from the specified IP address or range of IP addresses.
esxcli network firewall ruleset rule list	List the rules of each ruleset in the firewall.