1. 修改SSH配置文件
vi /etc/ssh/sshd_config
2. 将服务端口配置文件 /etc/services 复制到数据存储,并在副本中修改 SSH 服务的端口(例:62008)
cp /etc/services /vmfs/volumes/datastore1/
vi /vmfs/volumes/datastore1/services
3. 编写防火墙策略(例:62008端口)
vi /vmfs/volumes/datastore1/ssh.xml
文件增加以下内容:
<!-- Custom firewall rule set: a single inbound TCP rule for destination port 62008. -->
<!-- NOTE(review): nothing in this file limits which source addresses may connect;
     confirm whether access to this port should be restricted to management hosts. -->
<ConfigRoot>
<service>
<!-- Identifier of this rule set. -->
<id>SSH 62008</id>
<rule id = '0000'>
<!-- Matches incoming TCP traffic whose destination port is 62008. -->
<direction>inbound</direction>
<protocol>tcp</protocol>
<porttype>dst</porttype>
<port>62008</port>
</rule>
<!-- The rule set is marked enabled. -->
<enabled>true</enabled>
<!-- NOTE(review): presumably "false" means the rule set may be switched off later; confirm. -->
<required>false</required>
</service>
</ConfigRoot>
4. 编辑启动脚本,使防火墙规则和端口配置在重启后重新生效
vi /etc/rc.local.d/local.sh
======================================
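#!/bin/sh

# local configuration options

# Note: modify at your own risk! If you do/use anything in this
# script that is not part of a stable API (relying on files to be in
# specific places, specific tools, specific output, etc) there is a
# possibility you will end up with a broken system after patching or
# upgrading. Changes are not supported unless under direction of
# VMware support.

# Re-applies the custom SSH port setup at boot: the firewall rule set and the
# edited services file are kept on the datastore and copied back into place.
# NOTE(review): the rule set installed here opens the port without any
# source-address restriction visible in this procedure; confirm whether access
# should be limited to management addresses.

FW_RULE_SRC=/vmfs/volumes/datastore1/ssh.xml
SERVICES_SRC=/vmfs/volumes/datastore1/services

# Install the custom rule set only when the datastore copy is present and
# non-empty, and reload the firewall only after a successful copy.
if [ -s "$FW_RULE_SRC" ]; then
  if cp "$FW_RULE_SRC" /etc/vmware/firewall/; then
    esxcli network firewall refresh
  else
    echo "local.sh: copying $FW_RULE_SRC failed, firewall rule not installed" >&2
  fi
else
  echo "local.sh: $FW_RULE_SRC missing or empty, firewall rule not installed" >&2
fi

# Replace /etc/services only when the datastore copy is present and non-empty.
# The new file is staged next to the target first, so a datastore that is not
# available at this point in boot cannot leave the host without /etc/services.
if [ -s "$SERVICES_SRC" ]; then
  if cp "$SERVICES_SRC" /etc/services.new; then
    # Kept from the original procedure; the file is removed on the next line,
    # so the relaxed mode does not persist.
    chmod 666 /etc/services
    rm -f /etc/services
    mv /etc/services.new /etc/services
    # Make sure the installed file is not group- or world-writable, whatever
    # mode the datastore copy carries.
    chmod 644 /etc/services

    # Ask inetd to re-read its configuration, but only when a PID is recorded;
    # an empty PID would make kill fail with a usage error.
    if [ -r /var/run/inetd.pid ]; then
      inetd_pid=$(cat /var/run/inetd.pid)
      if [ -n "$inetd_pid" ]; then
        kill -HUP "$inetd_pid"
      fi
    fi
  else
    rm -f /etc/services.new
    echo "local.sh: copying $SERVICES_SRC failed, /etc/services left unchanged" >&2
  fi
else
  echo "local.sh: $SERVICES_SRC missing or empty, /etc/services left unchanged" >&2
fi

exit 0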