You can close particular ports in the service console firewall. If you close a port, active sessions of the service associated with the port are not necessarily disconnected when you close the port. For example, if a backup is executing and you close the port for the backup agent, the backup continues until it completes and the agent releases the connection.

You can use the -closePort option to close only those ports that you opened with the -openPort option. If you used a different method to open the port, use an equivalent method to close it. For example, you can close the SSH port (22) only by disabling the SSH server incoming connection and SSH client outgoing connection in the vSphere Client.

Use this procedure only to close ports for services or agents not specifically configurable through the vSphere Client.

Caution

VMware supports opening and closing firewall ports only through the vSphere Client or the esxcfg-firewall command. Using any other methods or scripts to open and close firewall ports can lead to unexpected behavior.

1

Log in to the service console and acquire root privileges.

2

Use the following command to close the port.

esxcfg-firewall --closePort port_number,tcp|udp,in|out,port_name

The port_name argument is optional.

For example:

esxcfg-firewall --closePort 6380,tcp,in
3

Use the following command to restart the vmware-hostd process.

service mgmt-vmware restart