Unable to enable or disable esxi firewall rules
Article ID: 384384
Updated On:
Products
Issue/Introduction
- While disabling/enabling certain esxi firewall rules, the following error is thrown:
Cannot change the host configuration. Invalid operation requested: Can not enable/disable this ruleset, it is owned by system service.
Environment
- ESXi 8.0 U3
Resolution
This an expected behavior. Certains firewall rules are system managed and cannot be enabled or disabled by user. Such rules are automatically enabled/disabled by the system when needed (e.g associated service start/stop)
The command below shows what are the rules configurable by user (column "Enable/Disable configurable" = true)
#esxcli network firewall ruleset listName Enabled Enable/Disable configurable Allowed IP configurable--------------------------- ------- --------------------------- -----------------------sshServer true true truesshClient false true truenfsClient false false falsenfs41Client false false falsedhcp false false truedns true true truesnmp false false truentpClient false false trueCIMHttpServer false false trueCIMHttpsServer false false trueCIMSLP false false trueiSCSI true false truevpxHeartbeats true false trueupdateManager true true truefaultTolerance true true truewebAccess true true truevMotion true false truevSphereClient true true trueactiveDirectoryAll false false trueNFC true false trueHBR true false trueftpClient false true truehttpClient false true truegdbserver false true trueDVFilter false true trueDHCPv6 true false trueDVSSync true false truesyslog false true trueWOL true true truevSPC false true trueremoteSerialPort false true truerdt false false truecmmds false false trueipfam false true trueiofiltervp true false trueesxupdate false false truevsanEncryption false false falsepvrdma false true truevic-engine false true trueetcdClientComm true false trueetcdPeerComm true false truesettingsd false false truevdfs false false truegstored false false truetrusted-infrastructure-kmxd false false falseiwarp-pm false true trueptpd false false truetrusted-infrastructure-kmxa false false falsenvmetcp false false trueesxio-orchestrator false false trueesxioComm false false truenvmemdns false false trueproxy false false falsedpd false false truevltd false false truevsanhealth-unicasttest false false truevsanmgmt-https-tunnel false false true
Feedback
