A rule set configuration file contains firewall rules and describes each rule's relationship with ports and protocols. The rule set configuration file can contain rule sets for multiple services.

Rule set configuration files are located in the /etc/vmware/firewall/ directory. To add a service to the host security profile, VMware partners can create a VIB that contains the port rules for the service in a configuration file. VIB authoring tools are available to VMware partners.

The ESXi 5.x ruleset.xml format is the same as in ESX and ESXi 4.x, but has two additional tags: enabled and required. The ESXi 5.x firewall continues to support the 4.x ruleset.xml format.

Each set of rules for a service in the rule set configuration file contains the following information.

A numeric identifier for the service, if the configuration file contains more than one service.

A unique identifier for the rule set, usually the name of the service.

For each rule, the file contains one or more port rules, each with a definition for direction, protocol, port type, and port number or range of port numbers.

A flag indicating whether the service is enabled or disabled when the rule set is applied.

An indication of whether the rule set is required and cannot be disabled.

<ConfigRoot>
  <service id='0000'>
    <id>serviceName</id>
    <rule id='0000'>
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>80</port>
    </rule>
    <rule id='0001'>
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <porttype>src</porttype>
      <port>
        <begin>1020</begin>
        <end>1050</end>
      </port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
</ConfigRoot>
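
As an added example (not VMware's code), the following Python script parses a rule set file in the format shown above and reports enabled inbound destination-port rules and malformed port ranges, which is a quick way to review what a partner VIB's rule set would open. The sample XML is constructed, the function names are hypothetical, and auditing a file that lacks the enabled tag as if it were enabled is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the ruleset.xml format shown above; rule 0001's range
# is deliberately inverted to exercise the range check.
SAMPLE = """<ConfigRoot>
  <service id='0000'>
    <id>serviceName</id>
    <rule id='0000'>
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>80</port>
    </rule>
    <rule id='0001'>
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <porttype>src</porttype>
      <port><begin>1050</begin><end>1020</end></port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
</ConfigRoot>"""

def port_range(port_el):
    """Return (begin, end) for a single <port> value or a <begin>/<end> range."""
    if port_el.find("begin") is not None:
        return int(port_el.findtext("begin")), int(port_el.findtext("end"))
    return int(port_el.text), int(port_el.text)

def audit_ruleset(xml_text):
    """Return (service, rule id, finding) tuples (hypothetical helper)."""
    findings = []
    for svc in ET.fromstring(xml_text).iter("service"):
        name = (svc.findtext("id") or "").strip()
        # Assumption: a file without <enabled> (4.x format) is audited as enabled.
        enabled = (svc.findtext("enabled") or "true").strip() == "true"
        for rule in svc.iter("rule"):
            rid, (begin, end) = rule.get("id"), port_range(rule.find("port"))
            tags = {t: rule.findtext(t).strip() for t in ("direction", "protocol", "porttype")}
            if not 0 < begin <= end <= 65535:
                findings.append((name, rid, f"invalid port range {begin}-{end}"))
            elif enabled and (tags["direction"], tags["porttype"]) == ("inbound", "dst"):
                findings.append((name, rid, f"enabled inbound {tags['protocol']} port {begin}-{end}"))
    return findings

if __name__ == "__main__":
    print(*audit_ruleset(SAMPLE), sep="\n")
```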