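#!/bin/bash
# FirewallSetting.sh - restrict selected ESXi firewall rulesets to a fixed set
# of management networks on every host named in a list file.
#
# Usage: FirewallSetting.sh HOSTLIST
#   HOSTLIST  text file with one ESXi host per line; blank lines and lines
#             beginning with '#' are skipped.
#
# Credentials reach esxcli through the exported VI_USERNAME / VI_PASSWORD /
# VI_SERVER variables. An exported password is inherited by every child
# process of this script, so run it only from a trusted admin session.

if [ "$#" -ne 1 ] || [ ! -r "$1" ]; then
  printf 'Usage: %s HOSTLIST\n' "${0##*/}" >&2
  exit 2
fi
host_list=$1

# -s keeps the password off the terminal (and out of scrollback); -r keeps
# backslashes in the password literal instead of treating them as escapes.
printf '%s' "Enter password on vcenter:"
IFS= read -r -s password
printf '\n'

# Values already present in the environment win; the defaults are the ones
# this script has always used.
export VI_USERNAME="${VI_USERNAME:-osipov}"
export VI_PASSWORD="$password"
export VI_SERVER="${VI_SERVER:-vcent.corbina.net}"
unset password
#env | grep -i vi_

# While a host is being reconfigured its default firewall action is PASS
# (-d true). If the run is interrupted in that window, put the host back to
# default DROP before exiting so it is not left open.
current_server=
restore_default_drop() {
  if [ -n "$current_server" ]; then
    esxcli -h "$current_server" network firewall set -d false
  fi
}
trap 'restore_default_drop; exit 130' INT
trap 'restore_default_drop; exit 143' TERM

# The host list is read on descriptor 3 so that esxcli, which inherits this
# script's stdin, cannot swallow the remaining host names.
while IFS= read -r server <&3 || [ -n "$server" ]; do
  case "$server" in
    '' | '#'*) continue ;;
  esac

  current_server=$server
  printf '%s\n' "$server"

  # Default action PASS for the duration of the rule changes.
  esxcli -h "$server" network firewall set -d true

  #esxcli -h $server network firewall ruleset set -a false -r webAccess
  esxcli -h "$server" network firewall ruleset set -a true -r ntpClient
  # esxcli -h $server network firewall ruleset allowedip add -i "85.21.78.0/24" -r ntpClient
  esxcli -h "$server" network firewall ruleset allowedip remove -i "127.0.0.1" -r ntpClient

  # Alternative service list kept for reference:
  #   webAccess vSphereClient snmp CIMHttpServer CIMHttpsServer
  for service in vMotion webAccess faultTolerance CIMSLP CIMHttpsServer CIMHttpServer vSphereClient; do
    printf '%s\n' "$service"
    # Turn off "allow all" for the ruleset, then admit only the listed sources.
    esxcli -h "$server" network firewall ruleset set -a false -r "$service"
    for ip in 85.21.78.20 85.21.106.0/24 89.179.138.0/24 83.102.180.0/24; do
      esxcli -h "$server" network firewall ruleset allowedip add -i "$ip" -r "$service"
    done
  done

  esxcli -h "$server" network firewall ruleset allowedip list

  # Back to default DROP. A failure here leaves the host default-PASS, so it
  # is reported instead of being silently ignored.
  if ! esxcli -h "$server" network firewall set -d false; then
    printf 'WARNING: %s may still have default action PASS\n' "$server" >&2
  fi
  current_server=
done 3< "$host_list"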