Open hickeng opened 7 years ago
For existing firewall configs there is a rule we can enable that would open all outbound ports - we should be able to do this through vic-machine (with user confirmation) using https://github.com/vmware/govmomi/blob/master/object/host_firewall_system.go
For users who don't want all outbound ports open, we can provide a VIB that they install that opens our specific port.
This will allow users to make the choice for their firewall config based on their policies and be much better UX than our current guidelines.
Future releases that have our VIC specific ruleset in the default config could also be done through vic-machine.
We currently have the following issues with configuration of the ESX firewall:
vic-machine create
may not have appropriate configuration for existing VCHs (same issue if a host with non-persistent config is restarted)
Additionally, customers may have firewall appliances that require more precise detail:
There are a couple of options that we should investigate:
Notes: