// Source: github.com/vmware/govmomi@v0.37.1/simulator/esx/host_firewall_system.go

/*
Copyright (c) 2017-2023 VMware, Inc. All Rights Reserved.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package esx

import "github.com/vmware/govmomi/vim25/types"

// HostFirewallInfo is the default template for the HostSystem config.firewall property.
// Capture method:
//
//	govc object.collect -s -dump HostSystem:ha-host config.firewall
//
// Fields that the captured dump spelled out with their Go zero value
// (DynamicData, EndPort 0, Required false, Service "", nil IpAddress and
// IpNetwork) are left implicit below; the resulting value is the same.
//
// Points worth knowing when this template backs tests of firewall-related code:
//   - DefaultPolicy blocks both incoming and outgoing traffic.
//   - Every ruleset has AllowedHosts.AllIp set to true, so the template holds
//     no per-ruleset source-address restriction.
//   - Only sshServer and vSphereClient are marked Required.
//   - nfs41Client, nfsClient, remoteSerialPort, vSPC, vsanEncryption and vvold
//     each carry an outbound TCP rule spanning ports 0-65535; all six are
//     disabled in the template.
//   - gdbserver carries wide inbound TCP ranges and is disabled in the template.
//
// Each ruleset allocates its own HostFirewallRulesetIpList, so changing one
// ruleset's AllowedHosts does not affect another.
var HostFirewallInfo = types.HostFirewallInfo{
	DefaultPolicy: types.HostFirewallDefaultPolicy{
		IncomingBlocked: types.NewBool(true),
		OutgoingBlocked: types.NewBool(true),
	},
	Ruleset: []types.HostFirewallRuleset{
		{
			Key:   "CIMHttpServer",
			Label: "CIM Server",
			Rule: []types.HostFirewallRule{
				{Port: 5988, Direction: "inbound", PortType: "dst", Protocol: "tcp"},
			},
			Service:      "sfcbd-watchdog",
			Enabled:      true,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "CIMHttpsServer",
			Label: "CIM Secure Server",
			Rule: []types.HostFirewallRule{
				{Port: 5989, Direction: "inbound", PortType: "dst", Protocol: "tcp"},
			},
			Service:      "sfcbd-watchdog",
			Enabled:      true,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "CIMSLP",
			Label: "CIM SLP",
			Rule: []types.HostFirewallRule{
				{Port: 427, Direction: "inbound", PortType: "dst", Protocol: "udp"},
				{Port: 427, Direction: "outbound", PortType: "dst", Protocol: "udp"},
				{Port: 427, Direction: "inbound", PortType: "dst", Protocol: "tcp"},
				{Port: 427, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      true,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "DHCPv6",
			Label: "DHCPv6",
			Rule: []types.HostFirewallRule{
				{Port: 547, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
				{Port: 546, Direction: "inbound", PortType: "dst", Protocol: "tcp"},
				{Port: 547, Direction: "outbound", PortType: "dst", Protocol: "udp"},
				{Port: 546, Direction: "inbound", PortType: "dst", Protocol: "udp"},
			},
			Enabled:      true,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "DVFilter",
			Label: "DVFilter",
			Rule: []types.HostFirewallRule{
				{Port: 2222, Direction: "inbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      false,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "DVSSync",
			Label: "DVSSync",
			Rule: []types.HostFirewallRule{
				{Port: 8302, Direction: "outbound", PortType: "dst", Protocol: "udp"},
				{Port: 8301, Direction: "inbound", PortType: "dst", Protocol: "udp"},
				{Port: 8301, Direction: "outbound", PortType: "dst", Protocol: "udp"},
				{Port: 8302, Direction: "inbound", PortType: "dst", Protocol: "udp"},
			},
			Enabled:      true,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "HBR",
			Label: "HBR",
			Rule: []types.HostFirewallRule{
				{Port: 31031, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
				{Port: 44046, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      true,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "NFC",
			Label: "NFC",
			Rule: []types.HostFirewallRule{
				{Port: 902, Direction: "inbound", PortType: "dst", Protocol: "tcp"},
				{Port: 902, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      true,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "WOL",
			Label: "WOL",
			Rule: []types.HostFirewallRule{
				{Port: 9, Direction: "outbound", PortType: "dst", Protocol: "udp"},
			},
			Enabled:      true,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "activeDirectoryAll",
			Label: "Active Directory All",
			Rule: []types.HostFirewallRule{
				{Port: 88, Direction: "outbound", PortType: "dst", Protocol: "udp"},
				{Port: 88, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
				{Port: 123, Direction: "outbound", PortType: "dst", Protocol: "udp"},
				{Port: 137, Direction: "outbound", PortType: "dst", Protocol: "udp"},
				{Port: 139, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
				{Port: 389, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
				{Port: 389, Direction: "outbound", PortType: "dst", Protocol: "udp"},
				{Port: 445, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
				{Port: 464, Direction: "outbound", PortType: "dst", Protocol: "udp"},
				{Port: 464, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
				{Port: 3268, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
				{Port: 7476, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
				// The only inbound rule in this ruleset.
				{Port: 2020, Direction: "inbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      false,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "cmmds",
			Label: "Virtual SAN Clustering Service",
			Rule: []types.HostFirewallRule{
				{Port: 12345, Direction: "inbound", PortType: "dst", Protocol: "udp"},
				{Port: 23451, Direction: "inbound", PortType: "dst", Protocol: "udp"},
				{Port: 12345, Direction: "outbound", PortType: "dst", Protocol: "udp"},
				{Port: 23451, Direction: "outbound", PortType: "dst", Protocol: "udp"},
				{Port: 12321, Direction: "inbound", PortType: "dst", Protocol: "udp"},
				{Port: 12321, Direction: "outbound", PortType: "dst", Protocol: "udp"},
			},
			Enabled:      false,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "dhcp",
			Label: "DHCP Client",
			Rule: []types.HostFirewallRule{
				{Port: 68, Direction: "inbound", PortType: "dst", Protocol: "udp"},
				// PortType is "src" here, unlike most rules in this template.
				{Port: 68, Direction: "outbound", PortType: "src", Protocol: "udp"},
			},
			Enabled:      true,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "dns",
			Label: "DNS Client",
			Rule: []types.HostFirewallRule{
				{Port: 53, Direction: "inbound", PortType: "dst", Protocol: "udp"},
				{Port: 53, Direction: "outbound", PortType: "dst", Protocol: "udp"},
				{Port: 53, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      true,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "esxupdate",
			Label: "esxupdate",
			Rule: []types.HostFirewallRule{
				{Port: 443, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      false,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "faultTolerance",
			Label: "Fault Tolerance",
			Rule: []types.HostFirewallRule{
				{Port: 80, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
				{Port: 8300, Direction: "inbound", PortType: "dst", Protocol: "tcp"},
				{Port: 8300, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      true,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "ftpClient",
			Label: "FTP Client",
			Rule: []types.HostFirewallRule{
				{Port: 21, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
				// PortType is "src" here, unlike most rules in this template.
				{Port: 20, Direction: "inbound", PortType: "src", Protocol: "tcp"},
			},
			Enabled:      false,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "gdbserver",
			Label: "gdbserver",
			Rule: []types.HostFirewallRule{
				// Two wide inbound ranges; the ruleset is disabled in the template.
				{Port: 1000, EndPort: 9999, Direction: "inbound", PortType: "dst", Protocol: "tcp"},
				{Port: 50000, EndPort: 50999, Direction: "inbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      false,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "httpClient",
			Label: "httpClient",
			Rule: []types.HostFirewallRule{
				{Port: 80, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
				{Port: 443, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      false,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "iSCSI",
			Label: "Software iSCSI Client",
			Rule: []types.HostFirewallRule{
				{Port: 3260, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      false,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "iofiltervp",
			Label: "iofiltervp",
			Rule: []types.HostFirewallRule{
				{Port: 9080, Direction: "inbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      true,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "ipfam",
			Label: "NSX Distributed Logical Router Service",
			Rule: []types.HostFirewallRule{
				{Port: 6999, Direction: "inbound", PortType: "dst", Protocol: "udp"},
				{Port: 6999, Direction: "outbound", PortType: "dst", Protocol: "udp"},
			},
			Enabled:      false,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "nfs41Client",
			Label: "nfs41Client",
			Rule: []types.HostFirewallRule{
				// Outbound TCP across the full port range.
				{Port: 0, EndPort: 65535, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      false,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "nfsClient",
			Label: "NFS Client",
			Rule: []types.HostFirewallRule{
				// Outbound TCP across the full port range.
				{Port: 0, EndPort: 65535, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      false,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "ntpClient",
			Label: "NTP Client",
			Rule: []types.HostFirewallRule{
				{Port: 123, Direction: "outbound", PortType: "dst", Protocol: "udp"},
			},
			Service:      "ntpd",
			Enabled:      false,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "pvrdma",
			Label: "pvrdma",
			Rule: []types.HostFirewallRule{
				{Port: 28250, EndPort: 28761, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
				{Port: 28250, EndPort: 28761, Direction: "inbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      false,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "rabbitmqproxy",
			Label: "rabbitmqproxy",
			Rule: []types.HostFirewallRule{
				{Port: 5671, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      true,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "rdt",
			Label: "Virtual SAN Transport",
			Rule: []types.HostFirewallRule{
				{Port: 2233, Direction: "inbound", PortType: "dst", Protocol: "tcp"},
				{Port: 2233, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      false,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "remoteSerialPort",
			Label: "VM serial port connected over network",
			Rule: []types.HostFirewallRule{
				// Outbound TCP across the full port range, plus inbound 23 and
				// inbound 1024-65535; the ruleset is disabled in the template.
				{Port: 0, EndPort: 65535, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
				{Port: 23, Direction: "inbound", PortType: "dst", Protocol: "tcp"},
				{Port: 1024, EndPort: 65535, Direction: "inbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      false,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "snmp",
			Label: "SNMP Server",
			Rule: []types.HostFirewallRule{
				{Port: 161, Direction: "inbound", PortType: "dst", Protocol: "udp"},
			},
			Service:      "snmpd",
			Enabled:      true,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "sshClient",
			Label: "SSH Client",
			Rule: []types.HostFirewallRule{
				{Port: 22, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      false,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:      "sshServer",
			Label:    "SSH Server",
			Required: true,
			Rule: []types.HostFirewallRule{
				{Port: 22, Direction: "inbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      true,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "syslog",
			Label: "syslog",
			Rule: []types.HostFirewallRule{
				{Port: 514, Direction: "outbound", PortType: "dst", Protocol: "udp"},
				{Port: 514, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
				{Port: 1514, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      false,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "updateManager",
			Label: "vCenter Update Manager",
			Rule: []types.HostFirewallRule{
				{Port: 80, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
				{Port: 9000, EndPort: 9100, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      true,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "vMotion",
			Label: "vMotion",
			Rule: []types.HostFirewallRule{
				{Port: 8000, Direction: "inbound", PortType: "dst", Protocol: "tcp"},
				{Port: 8000, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      true,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "vSPC",
			Label: "VM serial port connected to vSPC",
			Rule: []types.HostFirewallRule{
				// Outbound TCP across the full port range.
				{Port: 0, EndPort: 65535, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      false,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:      "vSphereClient",
			Label:    "vSphere Web Client",
			Required: true,
			Rule: []types.HostFirewallRule{
				{Port: 902, Direction: "inbound", PortType: "dst", Protocol: "tcp"},
				{Port: 443, Direction: "inbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      true,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "vpxHeartbeats",
			Label: "VMware vCenter Agent",
			Rule: []types.HostFirewallRule{
				{Port: 902, Direction: "outbound", PortType: "dst", Protocol: "udp"},
			},
			Service:      "vpxa",
			Enabled:      true,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "vsanEncryption",
			Label: "vsanEncryption",
			Rule: []types.HostFirewallRule{
				// Outbound TCP across the full port range.
				{Port: 0, EndPort: 65535, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      false,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "vsanhealth-multicasttest",
			Label: "vsanhealth-multicasttest",
			Rule: []types.HostFirewallRule{
				{Port: 5001, Direction: "outbound", PortType: "dst", Protocol: "udp"},
				{Port: 5001, Direction: "inbound", PortType: "dst", Protocol: "udp"},
			},
			Enabled:      false,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "vsanvp",
			Label: "vsanvp",
			Rule: []types.HostFirewallRule{
				{Port: 8080, Direction: "inbound", PortType: "dst", Protocol: "tcp"},
				{Port: 8080, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      false,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "vvold",
			Label: "vvold",
			Rule: []types.HostFirewallRule{
				// Outbound TCP across the full port range.
				{Port: 0, EndPort: 65535, Direction: "outbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      false,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
		{
			Key:   "webAccess",
			Label: "vSphere Web Access",
			Rule: []types.HostFirewallRule{
				{Port: 80, Direction: "inbound", PortType: "dst", Protocol: "tcp"},
			},
			Enabled:      true,
			AllowedHosts: &types.HostFirewallRulesetIpList{AllIp: true},
		},
	},
}