Unable to Customize Firewall Rule Configuration after Upgrading to 8.0.200 or 8.0.201


Article ID: 399337


Updated On:

Products

VMware vCenter Server

Issue/Introduction

After upgrading to 8.0.200 or 8.0.201, you are unable to customize the firewall rule configuration with the option "Only allow connections from the following networks" on ESXi hosts.

Environment

From the vSphere 8.0 release notes: vSphere vCenter Server 80u2a-release-notes

Cause

Starting with vSphere 8.0 Update 2, you cannot customize the firewall rule configuration with the option "Only allow connections from the following networks" on ESXi hosts. For example, in the VMware Host Client, when you navigate to Networking > Firewall rules, select DHCP client, provide an IP, and check "Only allow connections from the following networks", the operation fails with an error such as: "Operation failed, diagnostics report: Invalid operation requested: Can not change allowed ip list this ruleset, it is owned by system service."

This is expected behavior.

Resolution

  • This should not affect you if your IP ruleset is already set to ALL on all services, unless you want to edit your ESXi firewall rules.
  • If you have customized IP rulesets, you can wait for the release containing the fix before upgrading. If you still want to upgrade, run the commands below to retrieve your current esxcli firewall ruleset and save it.
  • When the version with the fix is available, you will have a copy of the settings and can re-apply your previous firewall settings after upgrading to the version containing the fix.
  • 1) ESXCLI
    esxcli network firewall ruleset allowedip list
    esxcli network firewall get
  • 2) How to retrieve the current firewall ruleset from the GUI
  • If you click Edit, you can see which services are enabled (ticked) / disabled (not ticked)
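
One way to script the ESXCLI step above, as an added example that is not part of the original article: it saves the output of both commands to timestamped files and prints the rulesets whose allowed-IP list is not "All", which are the ones you would need to re-apply later. The function names, the output file names and the two-column layout assumed for the allowedip listing are assumptions; pass a directory on persistent storage, because the ESXi /tmp ramdisk does not survive the reboot that an upgrade requires.

```sh
#!/bin/sh
# Added example (not VMware's code): snapshot the ESXi firewall settings before an upgrade.

# Command used to query the host; can be overridden to dry-run the script off-host.
ESXCLI="${ESXCLI:-esxcli}"

# backup_firewall DIR
# Runs the two commands from the article, stores their output in a new
# timestamped sub-directory of DIR, and prints that sub-directory's path.
backup_firewall() {
    outdir="$1/fw-backup-$(uname -n)-$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$outdir" || return 1
    $ESXCLI network firewall get > "$outdir/firewall-get.txt" || return 1
    $ESXCLI network firewall ruleset allowedip list > "$outdir/allowedip-list.txt" || return 1
    echo "$outdir"
}

# customized_rulesets < allowedip-list.txt
# Assumes a two-line header followed by "<ruleset>  <allowed IPs>" rows.
# Prints "<ruleset>: <allowed IPs>" for every row whose value is not "All".
customized_rulesets() {
    awk 'NR > 2 && NF >= 2 && $2 != "All" {
             name = $1; $1 = ""; sub(/^ +/, "")
             print name ": " $0
         }'
}

# When called with a target directory, take the snapshot and list custom rulesets.
if [ -n "${1:-}" ]; then
    dir=$(backup_firewall "$1") || exit 1
    echo "Saved firewall settings to $dir"
    customized_rulesets < "$dir/allowedip-list.txt"
fi
```

Copy the resulting directory off the host as well, so the saved settings remain available if the datastore is not.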

 

Additional Information

From the vSphere 8.0 release notes: vSphere vCenter Server 80u2a-release-notes