Create a backup of the firewall config file:
cp /etc/vmware/firewall/service.xml /etc/vmware/firewall/service.xml.bak
Modify the access permissions of the service.xml file to allow writes by running the chmod command:
To allow writes:
chmod 644 /etc/vmware/firewall/service.xml
To toggle the sticky bit flag:
chmod +t /etc/vmware/firewall/service.xml
Edit the service.xml file:
vi /etc/vmware/firewall/service.xml
Add the rule (for example, for a Squid proxy):
<!-- Proxy Server on 3128/tcp -->
<service id='0045'>
  <id>Proxy Server Squid</id>
  <rule id='0000'>
    <direction>outbound</direction>
    <protocol>tcp</protocol>
    <porttype>dst</porttype>
    <port>
      <begin>3128</begin>
      <end>3128</end>
    </port>
  </rule>
  <enabled>false</enabled>
  <required>false</required>
</service>
Reset permissions
chmod 444 /etc/vmware/firewall/service.xml
chmod +t /etc/vmware/firewall/service.xml
Refresh the firewall rules for the changes to take effect by running the command:
esxcli network firewall refresh
To make this persistent, the firewall configuration must be updated at boot time, so:
Create the file /vmfs/volumes/datastore1/etc/squid.xml with the following content:
<ConfigRoot>
  <service>
    <id>Proxy Server Squid</id>
    <rule id='0000'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>3128</port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
</ConfigRoot>
Edit the file /etc/rc.local:
chmod 644 /etc/rc.local
chmod +t /etc/rc.local
vi /etc/rc.local
Add lines to the end of the file so that the created files are copied back to the host at boot time, for example:
# copy the new firewall rule from the vmfs placeholder to the file system
cp /vmfs/volumes/datastore1/etc/squid.xml /etc/vmware/firewall/
# refresh firewall rules
esxcli network firewall refresh
Reset permissions
chmod 555 /etc/rc.local
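A rule file with a typo gets copied into /etc/vmware/firewall/ on every boot, so it is worth checking before it goes onto the datastore. The following is an added example, not part of the original procedure or of any VMware tooling: a small Python linter for a rule file such as squid.xml that accepts both port forms used above. The function names and the sets of allowed values are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Assumed value sets for this example (the page itself only shows
# outbound / tcp / dst); extend them if your host accepts more.
ALLOWED = {"direction": {"inbound", "outbound"},
           "protocol": {"tcp", "udp"},
           "porttype": {"src", "dst"}}

# Constructed sample: the squid.xml content from this page.
SAMPLE = """<ConfigRoot><service><id>Proxy Server Squid</id>
<rule id='0000'><direction>outbound</direction><protocol>tcp</protocol>
<porttype>dst</porttype><port>3128</port></rule>
<enabled>true</enabled><required>false</required></service></ConfigRoot>"""

def port_range(port_el):
    """Accept both forms used on the page: <port>N</port> and <begin>/<end>."""
    if port_el.find("begin") is not None:
        return int(port_el.findtext("begin")), int(port_el.findtext("end"))
    return (int(port_el.text),) * 2

def lint_ruleset(xml_text):
    """Return a list of problems; an empty list means the file passed."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    if root.tag != "ConfigRoot":
        problems.append(f"root is <{root.tag}>, expected <ConfigRoot>")
    for svc in root.iter("service"):
        name = (svc.findtext("id") or "").strip() or "(no id)"
        for flag in ("enabled", "required"):
            if (svc.findtext(flag) or "").strip() not in ("true", "false"):
                problems.append(f"{name}: <{flag}> must be true or false")
        for rule in svc.findall("rule"):
            where = f"{name} rule {rule.get('id', '?')}"
            for tag, allowed in ALLOWED.items():
                if (rule.findtext(tag) or "").strip() not in allowed:
                    problems.append(f"{where}: bad or missing <{tag}>")
            try:
                lo, hi = port_range(rule.find("port"))
                if not 1 <= lo <= hi <= 65535:
                    problems.append(f"{where}: port range {lo}-{hi} invalid")
            except (AttributeError, TypeError, ValueError):
                problems.append(f"{where}: <port> missing or not numeric")
    return problems

if __name__ == "__main__":
    print(lint_ruleset(SAMPLE) or "OK")
```

An empty result means the file parsed and every rule had a recognised direction, protocol, port type and port range.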