Create a backup of firewall config file
cp /etc/vmware/firewall/service.xml /etc/vmware/firewall/service.xml.bak
Modify the access permissions of the service.xml file to allow writes by running the chmod command:
To allow writes:
chmod 644 /etc/vmware/firewall/service.xml
To toggle the sticky bit flag:
chmod +t /etc/vmware/firewall/service.xml
Update file service.xml
vi /etc/vmware/firewall/service.xml
add rule (for example Squid proxy)
<!-- Proxy Server on 3128/tcp -->
<service id='0045'>
<id>Proxy Server Squid</id>
<rule id='0000'>
<direction>outbound</direction>
<protocol>tcp</protocol>
<porttype>dst</porttype>
<port>
<begin>3128</begin>
<end>3128</end>
</port>
</rule>
<enabled>false</enabled>
<required>false</required>
</service>
Reset permissions
chmod 444 /etc/vmware/firewall/service.xml chmod +t /etc/vmware/firewall/service.xml
Refresh the firewall rules for the changes to take effect by running the command:
esxcli network firewall refresh
To make persistent it we need to update service.xml file at boot time, so:
Create file /vmfs/volumes/datastore1/etc/squid.xml with follow content:
<ConfigRoot>
<service>
<id>Proxy Server Squid</id>
<rule id = '0000'>
<direction>outbound</direction>
<protocol>tcp</protocol>
<porttype>dst</porttype>
<port>3128</port>
</rule>
<enabled>true</enabled>
<required>false</required>
</service>
</ConfigRoot>
Edit file /etc/rc.local
chmod 644 /etc/rc.local chmod +t /etc/rc.local vi /etc/rc.local
So the created files are copied back to host at boot time. Add lines to the end of the file, for example:
#copy the new firewall rule from vmfs place holder to file system cp /vmfs/volumes/datastore1/etc/squid.xml /etc/vmware/firewall/ #refresh firewall rules esxcli network firewall refresh
Reset permissions
chmod 555 /etc/rc.local