General information about esxcli can be found in the Getting familiar with new CLI recipe in this chapter. It is a very powerful tool to manage ESXi hosts remotely or locally; it can be used for configuration tasks and scripting.
vSphere 5 introduced many changes to esxcli. One of them is a separate namespace for the ESXi firewall configuration.
Note
The ESXi firewall between the management interface and network is available in ESXi 5 and later. It is service oriented and not based on iptables as it was in earlier versions. The ESXi firewall is enabled by default and often requires changes in the configuration, as default settings may not be sufficient.
The command structure for the namespace is as follows:
esxcli network firewall (get | set | refresh | load | unload) esxcli network firewall ruleset (list | set) esxcli network firewall ruleset allowedip (add | list | remove) esxcli network firewall ruleset rule list