Skip to main content

How to Specific Allowed IP Addresses in ESXi Firewall by PowerCLI

In recent LAB environment reviewing, I noticed my LAB ESXi hosts allow connections from all IP address for NTP services. This is not the best practices for the solid environment. I want to specify certain IP addresses are allowed in case of vulnerabilities in NTP services. There are a lot of blogs talking about how to enable/disable firewall ruleset but no one talks about how to do so. Following is what I figured out. Please let me know if you see anything I can improve.
# Please connect to vCenter Server by Connect-ViServer before use this script.
$vmhosts = Get-VMHost -Location esxiCluster
foreach($vmhost in $vmhosts){
$esxcli=get-esxcli -vmhost $vmhost -V2
$ntpRuleSet = $
$ntpAllowIP = $

The red text is customized parameters. Please change accordingly.

The script gets all ESXi hosts details in the specified location, you can use a cluster name, ESXi name, or folder. Then it disables "Allow connections from any IP address" option of the ruleset, and add 2 IP addresses to the ruleset.

Popular posts from this blog

Connect-NsxtServer shows "Unable to connect to the remote server"

When you run Connect-NsxtServer in the PowerCLI, it may show "Unable to connect to the remote server".  Because the error message is a little bit confusing with other login issues. It's not easy to troubleshoot. The actual reason is the NSX-T uses a self-signed certificate, and the PowerCLI cannot accept the certificate automatically. The fix is super easy. You need to set the PowerCLI to ignore the invalid certificate with the following command: Set-PowerCLIConfiguration -Scope User -InvalidCertificateAction:Ignore -Confirm:$false

Setup Terraform and Ansible for Windows provisionon CentOS

Provisioning Windows machines with Terraform is easy. Configuring Windows machines with Ansible is also not complex. However, it's a little bit challenging to combine them. The following steps are some ideas about handling a Windows machine from provisioning to post configuration without modifying the winrm configuration on the guest operating system. Install required repos for yum. yum -y install yum -y install yum -y install yum -y install epel-release yum -y install yum-utils yum-config-manager --add-repo Install  Terraform . sudo yum -y install terraform Install  Ansible . sudo yum -y install ansible Install  Kerberos . yum -y install gcc python-devel krb5-devel krb5-libs krb5-workstation

How to List All Users in Terraform Cloud

Terraform has a rich API. However, the API documentation does not mention how to list all users. We can leverage the organization membership API and the PowerShell command  Invoke-RestMethod  to get a user list. 1. Create an organization token in Terraform Cloud. 2. Create the token variable ( $Token ) in PowerShell. $Token = "abcde" 3. Create the API parameters variable in PowerShell. $params = @{ Uri = "" Authentication = "Bearer" Token = $Token ContentType = "application/vnd.api+json" } Note: You need to replace ZHENGWU with your own organization name. And I used 100 at the end of the URI to retrieve the first 100 users. It can be any number.  4. Retrieve the API return and list the user's email address. $Test = Invoke-RestMethod @params $