ESXi

  • 1.  custom firewall setting in ESXI7.0 operation not permitted

    Posted Oct 19, 2021 07:40 AM


    Hi Sir,
    I followed the rule below and want to change /etc/vmware/firewall/service.xml, but this is still not working.
    https://kb.vmware.com/s/article/2008226
    Could you kindly help? We want to customize the firewall settings in ESXi 7.0.

    In ESXi 7.0+ access to the above files is restricted.

    To work around this you can do the following
    Copy the file to a datastore on the host.
    Make the required changes to the file
    In the /etc/rc.local.d/local.sh file add the command to copy and replace the file needed.
    In order to force this command to persist across reboots of the ESXi server host, the command has to be added manually to the /etc/rc.local.d/local.sh file on the ESXi server.
    Note: The correct way to open up ports is through a partner-created VIB to open the ports or change the files needed.



  • 2.  RE: custom firewall setting in ESXI7.0 operation not permitted
    Best Answer

    Posted Oct 19, 2021 07:46 AM

    don't modify the service.xml - just place your own firewall as an xml file into the firewall folder

    place the xml on a datastore, copy it via local.sh to /etc/vmware/firewall and refresh the firewall with esxcli network firewall refresh

     



  • 3.  RE: custom firewall setting in ESXI7.0 operation not permitted

    Posted Oct 19, 2021 08:01 AM

    Many thanks, it works now!!!



  • 4.  RE: custom firewall setting in ESXI7.0 operation not permitted

    Posted Aug 24, 2022 12:09 PM

    Hi - Sorry to ask a question on such an old thread, but I'm wondering when you say copy your own firewall xml do you mean put all your changes in a file called firewall.xml and then copy this back to /etc/vmware/firewall?

    Just want to make sure before I do this.

    Thanks



  • 5.  RE: custom firewall setting in ESXI7.0 operation not permitted

    Posted Aug 24, 2022 01:36 PM

    yes - create your own xml, name it what you want (except service.xml or any existing xml) and copy it into /etc/vmware/firewall, then refresh the firewall
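
The procedure from posts 2 and 5, as an added example that is not part of the original thread: a helper for /etc/rc.local.d/local.sh that copies a separately named ruleset file from a datastore into /etc/vmware/firewall and refreshes the firewall. The datastore path, the file name custom-syslog.xml, the ruleset id customSyslog and port 1514 are constructed for illustration, and the XML layout is assumed to follow the format in the KB article linked in the first post.

```shell
#!/bin/sh
# Added example (not from the thread): install a custom ESXi firewall ruleset.
# Assumed/constructed: datastore path, custom-syslog.xml, customSyslog, port 1514.
FW_DIR="${FW_DIR:-/etc/vmware/firewall}"

# Write a constructed sample ruleset (one outbound TCP port) to path $1.
write_sample_ruleset() {
    cat > "$1" <<'EOF'
<ConfigRoot>
  <service id='0000'>
    <id>customSyslog</id>
    <rule id='0000'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>1514</port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
</ConfigRoot>
EOF
}

# install_ruleset SRC: copy SRC into $FW_DIR under its own name, then refresh.
# Returns 1 and copies nothing if SRC is missing, does not look like a ruleset,
# or is named service.xml or like any file already present in $FW_DIR.
install_ruleset() {
    src="$1"
    name="$(basename "$src")"
    [ -f "$src" ] || { echo "missing: $src" >&2; return 1; }
    grep -q '<ConfigRoot>' "$src" || { echo "not a ruleset: $src" >&2; return 1; }
    [ "$name" != "service.xml" ] || { echo "refusing service.xml" >&2; return 1; }
    [ ! -e "$FW_DIR/$name" ] || { echo "exists: $FW_DIR/$name" >&2; return 1; }
    cp "$src" "$FW_DIR/$name" || return 1
    # esxcli exists only on the host; elsewhere (e.g. a test box) skip the refresh.
    if command -v esxcli >/dev/null 2>&1; then
        esxcli network firewall refresh || return 1
    fi
    return 0
}

# In /etc/rc.local.d/local.sh, source this file and then call, for example:
#   install_ruleset /vmfs/volumes/datastore1/custom-syslog.xml
```

As post 7 in this thread points out, custom actions in local.sh do not run with UEFI Secure Boot enabled, so this helper only applies to hosts without it.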



  • 6.  RE: custom firewall setting in ESXI7.0 operation not permitted

    Posted Aug 24, 2022 01:49 PM

    Thanks for confirming this, really appreciate it



  • 7.  RE: custom firewall setting in ESXI7.0 operation not permitted

    Posted Jun 10, 2023 02:50 PM

    According to https://kb.vmware.com/s/article/2043564, any custom actions under local.sh will not function with UEFI Secure Boot enabled. Maybe you know of a workaround for systems secured with TPM?



  • 8.  RE: custom firewall setting in ESXI7.0 operation not permitted

    Posted Jun 12, 2023 07:18 AM

    yes - ran into the same problem after enabling secure boot.

    currently I have no solution