Lockdown by Source IP
From AstroArch
In Step 4 of the Hardening script, instead of creating a secondary firewall script, when using VMware vSphere you can use the following style of esxcfg-firewall commands to let VMware vSphere manage the rules.
esxcfg-firewall --ipruleAdd 0.0.0.0/0,22,tcp,REJECT,"Block_SSH"
esxcfg-firewall --ipruleAdd AdminIP,22,tcp,ACCEPT,"Allow_Admin_IP_SSH"
In addition to a single IP address, you can also use a subnet, as the block-all rule shows. The order of the above rules is very important, and you should review the rules to verify everything. See the VMware Communities post "How to configure service console firewall to only allow access from certain IPs?"
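To extend the two commands above to several admin addresses or subnets, the sketch below (an added example, not part of the original page or of any VMware tooling) validates each source and prints the commands in the same order the page uses, so they can be reviewed before being run. The function names, the Allow_Admin_<n>_SSH rule names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print (never run) the esxcfg-firewall commands for SSH lockdown.
# Rule names Allow_Admin_<n>_SSH and the sample sources are constructed.

# valid_source: succeed for a dotted-quad IPv4 address, optionally with /0-32.
valid_source() {
    addr=${1%/*}
    case $1 in
        */*) bits=${1#*/} ;;
        *)   bits=32 ;;
    esac
    case $bits in ''|*[!0-9]*) return 1 ;; esac
    [ "${#bits}" -le 2 ] && [ "$bits" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ssh_lockdown_rules: print the block-all rule, then one ACCEPT rule per source.
# Prints nothing if a source is malformed or none is given, so a typo cannot
# leave you holding only the REJECT rule.
ssh_lockdown_rules() {
    [ $# -gt 0 ] || { echo "no admin sources given" >&2; return 1; }
    for src in "$@"; do
        valid_source "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    echo 'esxcfg-firewall --ipruleAdd 0.0.0.0/0,22,tcp,REJECT,"Block_SSH"'
    n=1
    for src in "$@"; do
        echo "esxcfg-firewall --ipruleAdd $src,22,tcp,ACCEPT,\"Allow_Admin_${n}_SSH\""
        n=$((n + 1))
    done
}

# Constructed sample sources (documentation address ranges).
ssh_lockdown_rules 192.0.2.10 198.51.100.0/24
```

Review the printed commands before running them on the host.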
