In ESXi 5.0 and later versions, firewall rules are not persisted after a reboot of the hypervisor. This document describes how to generate a custom VIB that will store the firewall rules needed for Abiquo platform VNC connections.
To create the VIB, you will need:
The vibauthor tool is only available for the i386 architecture. If you are using CentOS 6 on i386, you only have to upgrade the "file" package. If you have installed CentOS 6 on x64, you will also need to install the glibc package for i386.
First, install the EPEL repository. You can get the RPM file from http://fedoraproject.org/wiki/EPEL. Installing this package makes the EPEL repository available to your CentOS machine.
Then you need to upgrade the "file" package. You can do so with:
If you have installed CentOS 6 on x64, you also need to install the glibc package for i386 with:
#> yum install glibc-2.12-1.107.el6_4.5.i686
** Note: The glibc version might change **
Generate the VIB files
First, you need to create the folder tree structure.
#> mkdir -p stage/payloads/payload1/etc/vmware/firewall
Then, create the descriptor.xml file in the stage folder (stage/descriptor.xml):
<summary>Custom VIB for Abiquo</summary>
<description>Adds custom firewall rule for enable VNC with Abiquo</description>
<payload name="payload1" type="vgz"></payload>
After that, create the file Abiquo-vnc.xml, which will contain the firewall rules:
<!-- Firewall Rule for Abiquo VNC Console -->
<rule id = '0000'>
<rule id = '0001'>
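As an added example (not the original Abiquo file), the following script writes a complete ruleset file into the payload tree created above, using the standard ESXi firewall service layout and the 5900-5964 range this page gives for its example VIB. The ruleset id "abiquo-vnc", the single inbound TCP rule and the function name write_vnc_ruleset are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: the rule values below are constructed, not taken from the
# original Abiquo VIB. Adapt the ruleset id and rules to your own needs.

write_vnc_ruleset() {
    # $1 = stage directory (this guide uses "stage")
    stage_dir=$1
    fw_dir="$stage_dir/payloads/payload1/etc/vmware/firewall"
    mkdir -p "$fw_dir" || return 1

    # One <service> block per ruleset; each <rule> opens one port or range.
    cat > "$fw_dir/Abiquo-vnc.xml" <<'EOF'
<ConfigRoot>
  <!-- Firewall Rule for Abiquo VNC Console -->
  <service>
    <id>abiquo-vnc</id>
    <rule id='0000'>
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>
        <begin>5900</begin>
        <end>5964</end>
      </port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
</ConfigRoot>
EOF
    # Print the path of the file that was written.
    printf '%s\n' "$fw_dir/Abiquo-vnc.xml"
}

# Run as: sh write_ruleset.sh stage
if [ -n "${1:-}" ]; then
    write_vnc_ruleset "$1"
fi
```

Once the VIB is installed, "esxcli network firewall ruleset list" on the host should show the new ruleset as enabled.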
Now, you are ready to generate the VIB files:
#> vibauthor -C -t stage -v abiquo-vnc.vib -O abiquo-vnc-offline-bundle.zip -f
Installing the VIB files on the ESXi
The last step is to install the VIB file on the ESX.
#> esxcli software vib install -v /vmfs/volumes/[datastore-name]/abiquo-vnc.vib -f
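Depending on your ESX host security policy, you may need to set the host acceptance level to "CommunitySupported" in order to install the VIB. This is the lowest acceptance level and allows VIBs that are not signed by VMware or a partner.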
#> esxcli software acceptance set --level=CommunitySupported
Example VIB file
For testing purposes you can use the example VIB file provided below. This VIB creates a firewall rule to allow access to VNC port range 5900-5964 in the ESX host.
Example VIB: abiquo-vnc-example.vib