Unable to access vCenter after updating firewall rules from VAMI page


Article ID: 315447


Products

VMware vCenter Server
VMware vSphere ESXi

Issue/Introduction

  • This KB addresses the problem that arises when a "block all ingress traffic" rule is added by mistake while creating or editing a vCenter firewall rule.
  • Firewall changes made from the vCenter VAMI then result in loss of access to vCenter.
  • This can happen if an incorrect IP address is entered, an entire subnet range (including the administrator's own) is blocked, or the iptables service is mistakenly enabled from the command line.
  • vCenter services remain up and running, but the vCenter UI is not reachable because the appliance drops the incoming connections.

Environment

VMware vCenter Server

Resolution

To revert the firewall changes:

Identifying the problem:

  • From the vCenter Server appliance console (not over SSH, which a block-all rule may also drop), list the active firewall rules:
iptables -nL | less 
  • This prints every rule currently loaded in the kernel, chain by chain.
  • Look in the INPUT chain for the entry that was added through VAMI (the original article highlights it in a screenshot that is not reproduced here); it will be a DROP or REJECT rule matching the vCenter address or the client subnet.
  • NOTE: If the listing shows that the iptables service itself has been enabled rather than a single bad rule, handle that case first, as described next.

If the iptables service has been enabled by mistake:

  • Disable it at boot with the following command:
chkconfig iptables off

If a bad firewall rule was added by mistake:

  • Export the current rules to a file:
iptables-save > /var/tmp/iptables.rules.default
  • Take a backup of the exported file before editing it, so the original rule set can be restored if the edit goes wrong:
cp /var/tmp/iptables.rules.default /var/tmp/iptables.rules.default.backup
  • Edit the file, check every line for the offending rule identified above, delete that line, and save the file:
vi /var/tmp/iptables.rules.default
  • Read the file again (for example with less) and make sure the entry is gone. iptables-restore replaces the whole rule set with the contents of this file, so it must still contain every rule you intend to keep.
  • Restore the cleaned rule set:
iptables-restore < /var/tmp/iptables.rules.default
  • Run the first command again and confirm that the rule is no longer listed:
iptables -nL | less 
  • Wait a minute or so; traffic to the vCenter IP/FQDN should then be accepted again.
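The following script is an added example and is not part of the KB article or of VMware's own tooling. It performs the same steps as the procedure above non-interactively: export the rules, keep a backup, list every INPUT-chain DROP/REJECT rule (the kind that locks the UI out), remove the one you name, verify that it is gone from the file, and only then restore. By default it is a dry run against a constructed iptables-save dump embedded in the script; the 10.0.0.0/8 DROP line and the default pattern are hypothetical stand-ins for the rule added through VAMI. Setting LIVE=1 as root on the appliance makes it use iptables-save and iptables-restore exactly as the KB does.

```shell
#!/bin/sh
# Added example, not from the KB: non-interactive version of the
# "bad firewall rule" procedure. Dry run by default; LIVE=1 operates on
# the real rule set (run as root on the vCenter appliance console).

# Constructed sample in iptables-save format. The 10.0.0.0/8 DROP line
# plays the role of a rule mistakenly added through VAMI (hypothetical).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.0.0.0/8 -j DROP
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT'

# list_drop_rules FILE: print INPUT-chain rules that drop or reject traffic.
# These are the rules that can make the vCenter UI unreachable.
list_drop_rules() {
    grep -E '^-A INPUT .*-j (DROP|REJECT)' "$1" || true
}

# count_matches FILE PATTERN: number of lines containing PATTERN as a
# fixed string (prints 0 when there are none).
count_matches() {
    grep -c -F -- "$2" "$1" || true
}

# strip_rule FILE PATTERN: write FILE minus every line containing PATTERN
# to FILE.cleaned and print that path. The original file is left intact.
strip_rule() {
    cleaned="$1.cleaned"
    grep -v -F -- "$2" "$1" > "$cleaned"
    printf '%s\n' "$cleaned"
}

main() {
    # Rule text to remove; the default is the sample's hypothetical bad rule.
    pattern=${1:-"-s 10.0.0.0/8 -j DROP"}
    work=${TMPDIR:-/tmp}/iptables.rules.default

    if [ "${LIVE:-0}" = 1 ]; then
        iptables-save > "$work"                     # export live rules, as in the KB
    else
        printf '%s\n' "$SAMPLE_RULES" > "$work"     # dry run on the constructed sample
    fi
    cp "$work" "$work.backup"                       # same backup step as the KB

    echo "Ingress DROP/REJECT rules currently present:"
    list_drop_rules "$work"

    cleaned=$(strip_rule "$work" "$pattern")
    # Never restore a file that still contains the offending rule.
    if [ "$(count_matches "$cleaned" "$pattern")" != 0 ]; then
        echo "rule still present in $cleaned, not restoring" >&2
        return 1
    fi

    if [ "${LIVE:-0}" = 1 ]; then
        iptables-restore < "$cleaned"               # load the cleaned rule set
        iptables -nL INPUT                          # confirm the rule is gone
    else
        echo "dry run: cleaned rules in $cleaned (backup: $work.backup)"
    fi
}

main "$@"
```

Run it once without LIVE to see which lines would be removed, then with `LIVE=1 ./fix_rules.sh '<rule text>'` (the file name is the reader's choice) from the appliance console. Because the cleaned file is written beside the export and the original is kept as `.backup`, the live restore can be undone with `iptables-restore < /tmp/iptables.rules.default.backup`.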