This article describes how to restrict access to port 1167 on an NSX-T Edge appliance by implementing firewall rules with iptables.
VMware NSX
Port 1167 is used on the Edge management interface for DHCP lease information sync between the two nodes of an HA pair, over a secure channel; only the peer Edge VM is expected to connect to it. In some environments, other VMs or external systems have been observed connecting to the Edge on port 1167. Because no system other than the HA peer has any reason to use this port, such connections should be treated as a potential security incident.
In that case, traffic from any other VM or host towards the Edge VM on port 1167 can be denied, and only traffic from the Edge peer accepted, by adding a firewall rule on the Edge.
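The following script is an added example and is not part of the KB article or of the NSX-T product: it generates (and optionally applies) the iptables rule set just described, allowing only the HA peer to reach port 1167 on the Edge management interface and dropping everything else. The interface name (`eth0`), the peer address (`192.0.2.11`, from the documentation range), the protocol (TCP) and the chain name are assumptions to adjust for your environment; confirm the interface and protocol on your NSX-T version before applying.

```shell
#!/bin/sh
# Added example (not from the KB): build iptables rules that let only the HA peer
# Edge node reach the DHCP lease sync port (1167) on this Edge's management
# interface and drop all other sources. MGMT_IF, PROTO and the peer address are
# assumptions; change them to match your deployment.

PORT=1167
MGMT_IF="${MGMT_IF:-eth0}"      # assumed: management interface name on the Edge
PROTO="${PROTO:-tcp}"           # assumed: confirm the protocol for your NSX-T version
CHAIN="EDGE_DHCP_SYNC"          # dedicated chain so the rule set is easy to audit and undo

# Basic dotted-quad check so a typo does not silently produce an over-broad rule.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    oldIFS=$IFS; IFS=.
    set -- $1
    IFS=$oldIFS
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
    return 0
}

# Print the iptables commands for the given peer IPv4 addresses (one per argument).
# A dedicated chain holds one ACCEPT per peer followed by a final DROP; a single
# jump is inserted at the top of INPUT so this policy wins over any later rule.
build_rules() {
    [ "$#" -ge 1 ] || { echo "build_rules: at least one peer IP is required" >&2; return 1; }
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    for peer in "$@"; do
        valid_ipv4 "$peer" || { echo "build_rules: invalid IPv4 address '$peer'" >&2; return 1; }
        echo "iptables -A $CHAIN -s $peer -j ACCEPT"
    done
    echo "iptables -A $CHAIN -j DROP"
    # Remove a stale jump first so re-running the script does not stack duplicates.
    echo "iptables -D INPUT -i $MGMT_IF -p $PROTO --dport $PORT -j $CHAIN 2>/dev/null || true"
    echo "iptables -I INPUT 1 -i $MGMT_IF -p $PROTO --dport $PORT -j $CHAIN"
}

# Apply the rules (requires root on the Edge). DRY_RUN=1 (the default) only prints them.
apply_rules() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        build_rules "$@"
    else
        build_rules "$@" | sh -e
    fi
}

# Usage (192.0.2.11 is an assumed peer address):
#   apply_rules 192.0.2.11             # print the commands for review
#   DRY_RUN=0 apply_rules 192.0.2.11   # apply them
#   iptables -L EDGE_DHCP_SYNC -n -v   # verify counters: only the peer should hit ACCEPT
```

Two practical notes: iptables rules are not persistent by default, so they must be reapplied after a reboot of the Edge, and changes to the appliance firewall should be coordinated with support as the article advises. After applying, the packet counters on the DROP rule tell you whether anything other than the peer is still trying to reach the port, which is the evidence to attach to the support case.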
If you believe you have encountered this issue, please open a support case with Broadcom Support and refer to this KB article. For more information, see Creating and managing Broadcom support cases.