ESX Firewall Command Troubles
Posted by John on Server Fault. Published on 2010-12-13T17:37:34Z. Indexed on 2010/12/21 5:23 UTC.
Hi,
I am working on creating some firewall rules to stop some of the SSH brute-force attacks that we have seen recently on our ESX server hosts. I have tried the following rules from the CLI to first block all SSH traffic and then allow the two ranges that I am interested in:
esxcfg-firewall --ipruleAdd 0.0.0.0/0,22,tcp,REJECT,"Block_SSH"
esxcfg-firewall --ipruleAdd 11.130.0.0/16,22,tcp,ACCEPT,"Allow_PUBLIC_SSH"
esxcfg-firewall --ipruleAdd 10.130.0.0/16,22,tcp,ACCEPT,"Allow_PRIVATE_SSH"
However, these rules are not working as intended. I know that if you do not enter the block rule first, then the allow rule will not be processed. We are now having the issue where the first entered allow rule is being ignored such that the block rule works and the last entered allow rule works. I was curious if anyone had any ideas on how I could allow a few different ranges of IPs with the esxcfg-firewall --ipruleAdd command? I am at a loss and am having a hard time locating examples or further documentation about this.
Thanks in advance for your help with this.