Remove Firewall rules from vCenter Server Appliance 6.7

I am completely stupid: I fiddled with the firewall settings of VCSA and now I am locked out. What do I do?

Don’t worry, it can be fixed. But first we need to get in. Since you are locked out of the web interface, you will need the shell. Log in to the ESXi host where the VCSA virtual machine resides and open the VM console.

Press ALT + F1 to get a login prompt and log in with your root credentials. If you land in the appliance shell rather than bash, type shell and hit ENTER.

Use this command to list all rules with their numbers (-n skips the reverse DNS lookups that make the listing slow):
iptables -L -n --line-numbers | more

Your firewall rules are listed under “Chain inbound”; note their numbers.

Now delete the rule(s) that are preventing you from connecting to the server, by number (this example deletes rule number 2):
iptables -D inbound 2
Rule numbers are positions in the chain, so after each deletion the remaining rules move up. Re-run the listing before deleting another rule, or you will delete the wrong one.

The change takes effect immediately, so you can test right away. A plain ping only proves that ICMP gets through; test the port you actually need, e.g. 443 for the vSphere Client or 5480 for the appliance management interface.

If this worked, log in via the web interface, which is now accessible, and delete the firewall rules there as well. Deleting them with iptables only changes the running ruleset; the rules configured in the appliance management interface are re-applied after a reboot.
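The steps above done as one script, added here as an example and not part of the original post. It assumes, as the post does, that the VAMI rules live in the iptables chain named inbound and that the listing has the standard iptables -L --line-numbers layout. The listing embedded in the script is a constructed sample so the selection logic can be checked without touching a live appliance; it picks every DROP/REJECT rule in the chain (broader than the post's single rule) and deletes them highest number first, which avoids the renumbering problem.

```shell
#!/bin/sh
# Added example, not code from the original post or from VMware.
# Assumption (from the post): VAMI-created rules sit in iptables chain "inbound".
# Assumption: the listing uses the standard `iptables -L --line-numbers` columns.

# Constructed sample of `iptables -L inbound -n --line-numbers` output,
# used so the logic below runs without a live VCSA.
SAMPLE_LISTING='Chain inbound (1 references)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
2    DROP       tcp  --  10.0.0.0/8           0.0.0.0/0            tcp dpt:443
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22
4    DROP       all  --  192.168.5.0/24       0.0.0.0/0
5    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:5480'

# Print the numbers of DROP/REJECT rules in a listing, highest first, so that
# deleting them in that order never renumbers a rule that is still to be deleted.
blocking_rule_numbers() {
    printf '%s\n' "$1" \
        | awk '$1 ~ /^[0-9]+$/ && ($2 == "DROP" || $2 == "REJECT") { print $1 }' \
        | sort -rn
}

# Turn those numbers into the iptables commands the post runs by hand.
deletion_commands() {
    for n in $(blocking_rule_numbers "$1"); do
        printf 'iptables -D inbound %s\n' "$n"
    done
}

# Default is a dry run against the sample: it only prints what would be deleted.
# On the appliance, run with --apply (as root) to act on the live chain.
if [ "${1:-}" = "--apply" ]; then
    LIVE="$(iptables -L inbound -n --line-numbers)"
    deletion_commands "$LIVE" | sh -x
else
    deletion_commands "$SAMPLE_LISTING"
fi
```

This removes every blocking rule in the chain, which is the quickest way back in but coarser than the post's one-rule deletion; if you only want the single rule that locks you out, run the dry run, pick the number from its output and delete that one. Either way the running ruleset is all that changes, so the rules still have to be removed in the appliance management interface before the next reboot.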
