If a third-party extension is released as a VIB package, and you use the esxcli software vib command to add the VIB package to your system, the VIB system updates the firewall ruleset and refreshes the host daemon after you reboot your system.

Otherwise, you can use a firewall configuration file to specify port rules for host services that you want to enable for the extension. The vSphere Security documentation discusses how to add, apply, and refresh a firewall rule set and lists the esxcli network firewall commands.

The ESXi 5.x ruleset.xml format for ESXi 5.x is the same as in version 4.x for ESX and ESXi, but has two more tags, enabled and required. The ESXi 5.x firewall still supports the older format.