PowerCLI

  • 1.  Review the host firewall rules for all incoming connections.

    Posted Apr 20, 2020 05:20 PM

    I would like to create a script that can help me get, from the vSphere Client (select the ESXi host), the properties of each enabled Firewall service, and review the incoming requests where access is allowed from "All" IPs.

    The environment is very large, and as a first step we need to identify the configuration, then find a way via script to set the correct configuration.

    Any idea?



  • 2.  RE: Review the host firewall rules for all incoming connections.
    Best Answer

    Posted Apr 20, 2020 05:34 PM

    Something like this perhaps?

    Get-VMHost -PipelineVariable esx |
    ForEach-Object -Process {
        $esxcli = Get-EsxCli -VMHost $esx -V2
        $esxcli.network.firewall.ruleset.rule.list.Invoke() |
        Select @{N='VMHost';E={$esx.Name}},RuleSet,
        @{N='Enabled';E={$esxcli.network.firewall.ruleset.list.Invoke(@{rulesetid="$($_.Ruleset)"}).Enabled}},
        Direction,Protocol,PortBegin,PortEnd,PortType
    }



  • 3.  RE: Review the host firewall rules for all incoming connections.

    Posted Apr 21, 2020 01:29 PM

    Thank you.

    Can I add the AllowedIP Addresses information after PortType?



  • 4.  RE: Review the host firewall rules for all incoming connections.

    Posted Apr 21, 2020 01:47 PM

    Sure, try it like this:

    Get-VMHost -PipelineVariable esx |
    ForEach-Object -Process {
        $esxcli = Get-EsxCli -VMHost $esx -V2
        $esxcli.network.firewall.ruleset.rule.list.Invoke() |
        select @{N = 'VMHost'; E = { $esx.Name } }, RuleSet,
        @{N = 'Enabled'; E = { $esxcli.network.firewall.ruleset.list.Invoke(@{rulesetid = "$($_.Ruleset)" }).Enabled } },
        Direction, Protocol, PortBegin, PortEnd, PortType,
        @{N = 'AllowedIP'; E = { ($esxcli.network.firewall.ruleset.allowedip.list.Invoke(@{rulesetid = "$($_.Ruleset)" })).AllowedIPAddresses -join '|' } }
    }



  • 5.  RE: Review the host firewall rules for all incoming connections.

    Posted Jan 25, 2022 09:51 PM

    Thanks for sharing. This script works for me.

    Can we modify this script to export these results to a CSV file?



  • 6.  RE: Review the host firewall rules for all incoming connections.

    Posted Jan 25, 2022 11:19 PM

    Just add the Export-Csv after the last curly brace.

    Get-VMHost -PipelineVariable esx |
    ForEach-Object -Process {
        $esxcli = Get-EsxCli -VMHost $esx -V2
        $esxcli.network.firewall.ruleset.rule.list.Invoke() |
        select @{N = 'VMHost'; E = { $esx.Name } }, RuleSet,
        @{N = 'Enabled'; E = { $esxcli.network.firewall.ruleset.list.Invoke(@{rulesetid = "$($_.Ruleset)" }).Enabled } },
        Direction, Protocol, PortBegin, PortEnd, PortType,
        @{N = 'AllowedIP'; E = { ($esxcli.network.firewall.ruleset.allowedip.list.Invoke(@{rulesetid = "$($_.Ruleset)" })).AllowedIPAddresses -join '|' } }
    } | Export-Csv -Path .\report.csv -NoTypeInformation -UseCulture
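
The scripts in replies 4 and 6 list every rule with its allowed sources, which is the raw data; the original question also asks to single out the enabled inbound rulesets that accept connections from "All" and, as a second step, to correct them by script. The following is an added example, not code from this thread or from VMware: it assumes an active Connect-VIServer session and PowerCLI's Get-EsxCli -V2, and it assumes the esxcli V2 argument names rulesetid, allowedall and ipaddress mirror the esxcli options --ruleset-id, --allowed-all and --ip-address in the same way the rulesetid argument used above does. The function and parameter names are hypothetical.

```powershell
# Added example (not from the thread). Audits enabled ESXi firewall rulesets whose
# inbound rules accept connections from any source, and offers a guarded function
# that replaces "All" with an explicit allow-list. Assumes an existing
# Connect-VIServer session. Argument names allowedall and ipaddress are assumed
# to mirror the esxcli option names, as rulesetid does in the thread's scripts.

function Get-OpenInboundFirewallRuleset {
    [CmdletBinding()]
    param(
        # VMHost objects, e.g. from Get-VMHost
        [Parameter(Mandatory, ValueFromPipeline)]$VMHost
    )
    process {
        foreach ($esx in $VMHost) {
            $esxcli = Get-EsxCli -VMHost $esx -V2

            # Enabled rulesets only; Enabled may come back as a string or a bool,
            # so stringify before comparing
            $enabled = $esxcli.network.firewall.ruleset.list.Invoke() |
                Where-Object { "$($_.Enabled)" -eq 'true' }

            # One rule.list call per host, then group inbound rules by ruleset name
            $inbound = $esxcli.network.firewall.ruleset.rule.list.Invoke() |
                Where-Object { $_.Direction -eq 'Inbound' } |
                Group-Object -Property Ruleset -AsHashTable -AsString

            foreach ($rs in $enabled) {
                $rules = $inbound[$rs.Name]
                if (-not $rules) { continue }   # enabled, but nothing listens inbound

                # allowedip list reports the literal entry "All" when every source is accepted
                $allowed = @(($esxcli.network.firewall.ruleset.allowedip.list.Invoke(
                    @{rulesetid = $rs.Name })).AllowedIPAddresses)
                $openToAll = $allowed -contains 'All'

                foreach ($rule in $rules) {
                    [pscustomobject]@{
                        VMHost    = $esx.Name
                        Ruleset   = $rs.Name
                        Protocol  = $rule.Protocol
                        PortBegin = $rule.PortBegin
                        PortEnd   = $rule.PortEnd
                        AllowedIP = $allowed -join '|'
                        OpenToAll = $openToAll
                    }
                }
            }
        }
    }
}

function Set-FirewallRulesetAllowedIp {
    # Supports -WhatIf / -Confirm so the change can be previewed per host and ruleset
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]$VMHost,
        [Parameter(Mandatory)][string]$RulesetId,
        # Explicit sources that may reach the service, as addresses or CIDR networks
        [Parameter(Mandatory)][string[]]$AllowedIP
    )
    $esxcli = Get-EsxCli -VMHost $VMHost -V2
    $target = "$($VMHost.Name) ruleset $RulesetId"
    if ($PSCmdlet.ShouldProcess($target, "restrict sources to $($AllowedIP -join ', ')")) {
        # Populate the allow-list first, then turn off "All", so the service is
        # never left with an empty list of permitted sources in between
        foreach ($ip in $AllowedIP) {
            $esxcli.network.firewall.ruleset.allowedip.add.Invoke(
                @{rulesetid = $RulesetId; ipaddress = $ip }) | Out-Null
        }
        $esxcli.network.firewall.ruleset.set.Invoke(
            @{rulesetid = $RulesetId; allowedall = $false }) | Out-Null
    }
}

# Usage, report only (constructed file name):
#   Get-VMHost | Get-OpenInboundFirewallRuleset | Where-Object OpenToAll |
#       Export-Csv -Path .\open-inbound.csv -NoTypeInformation -UseCulture
# Usage, preview a fix on one host before applying it (hypothetical host and network):
#   Set-FirewallRulesetAllowedIp -VMHost (Get-VMHost esx01) -RulesetId sshServer `
#       -AllowedIP '10.10.0.0/24' -WhatIf
```

The audit half produces one row per inbound rule, so a ruleset that is enabled but has no inbound rule (outbound-only services) is skipped rather than reported as open. Before running the remediation half against rulesets that vCenter itself uses, make sure the vCenter address is in the allow-list you pass, otherwise the host drops vCenter's connections once "All" is switched off; the -WhatIf switch is there to check the target and list on each host first.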