asc firewall

Use this command to manage firewall services.

Syntax

asc firewall [options]

Option

Description

-a, --add <IP_address>

Add the specified protected host to the firewall.

-c, --class [x]

The type of host to be protected. This option defines the default proxy and forward settings for the specified class type.

The value x implies a source rule exception.

--cleanRSAkeys true

Remove the SSH RSA key fingerprints from /root/.ssh/known_hosts and /home/ascadminuser/.ssh/knownhosts for all protected ESXi hosts in CloudControl.

-cp, --closeport <port>

Block access to the specified local TCP and UDP ports on the appliance.

-h, --help

Display usage text.

-l, --list

List all protected hosts, proxy redirects, and port forwards. This can be combined with the --class option to filter results.

-m, --message <message>

Specify the message to use in log files and configuration file change journals for firewall related activities.

-op, --openport <port>

Open access to the specified local TCP and UDP ports on the appliance.

-r, --remove <IP_address>

Remove the specified protected host from the firewall.

Examples

Add an IP address proxy exception (the IP address will not be proxied):

asc firewall -a 1.2.3.4 -c x

List all firewall exception IP addresses:

asc firewall -l -c x

Remove a firewall exception by IP address:

asc firewall -r 1.2.3.4

Disable access to port 8091:

asc firewall -cp 8091

Enable access to port 8091:

asc firewall -op 8091

Remove the SSH RSA key fingerprints for all protected ESXi hosts:

asc firewall --cleanRSAkeys true