@jbfriedrich
Last active August 29, 2015 14:04
Add whitelisted IPs to VMware firewall rules
##
# Powershell script to add whitelisted IPs to VMware vSphere and VMware vCenter firewall rules.
# Also adding a rule to fix the web console problem in vSphere Web Client
##
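# Set execution policy (needs an elevated session; without -Scope this changes
# the LocalMachine policy persistently, not just for this run)
# AllSigned : Every script must be signed by a trusted publisher
# RemoteSigned : Scripts downloaded from the internet must be signed by a trusted publisher; locally written scripts run unsigned
# Unrestricted : Unsigned scripts can run; downloaded scripts prompt a warning first
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
# Whitelisted IPs which are allowed to use the services on this host
# (sample values, replace with your own management addresses)
$whitelistIPs = "127.0.0.1", "8.8.8.8"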
# Get all enabled rules whose DisplayName contains "VMware" or starts with "vCenter"
# and place their names in an array. No -Direction filter is given, so inbound
# and outbound rules are both matched.
$vmwFwRuleNames = Get-NetFirewallRule -Enabled True |
    Where-Object { $_.DisplayName -like "*VMware*" -or $_.DisplayName -like "vCenter*" } |
    Select-Object DisplayName
# Adding whitelisted IPs to each firewall rule from our list
foreach ($rule in $vmwFwRuleNames) {
    # Set the whitelisted IPs as the only valid remote addresses for the rule
    # (this replaces any remote addresses the rule had before)
    Set-NetFirewallRule -DisplayName $rule.DisplayName -RemoteAddress $whitelistIPs
    # To revert: set the valid remote addresses for the rule back to 'any'
    #Set-NetFirewallRule -DisplayName $rule.DisplayName -RemoteAddress Any
}
# Add firewall rule to allow inbound TCP traffic on port 7331
# to use the web console in VMware vCenter vSphere Web Client.
# Running the script again creates another rule with the same DisplayName.
New-NetFirewallRule -DisplayName "VMware vCenter Web Console" -Profile Public, Domain -Direction Inbound -Protocol TCP -LocalPort 7331 -RemoteAddress $whitelistIPs -Enabled True
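
A read-only check to run after the script above, added here as an example and not part of the original gist: it lists every matching rule with its direction and effective remote addresses, and flags rules that are still open or duplicated by repeated runs. `$expected`, `Test-RemoteAddressMatch` and `$report` are names chosen for this example.

```powershell
# Added example (not from the original gist): audit the rules the script modifies.
# $expected mirrors the gist's sample $whitelistIPs; change it to your own list.
$expected = "127.0.0.1", "8.8.8.8"

function Test-RemoteAddressMatch {
    param([string[]]$Actual, [string[]]$Expected)
    # Order-insensitive, string-based comparison of the two address lists.
    # Subnets may be displayed in a normalized form, so compare like with like.
    -not (Compare-Object -ReferenceObject ($Expected | Sort-Object) `
                         -DifferenceObject ($Actual | Sort-Object))
}

# Same selection as the gist: enabled rules named *VMware* or vCenter*
$report = Get-NetFirewallRule -Enabled True |
    Where-Object { $_.DisplayName -like "*VMware*" -or $_.DisplayName -like "vCenter*" } |
    ForEach-Object {
        # RemoteAddress lives on the rule's address filter, not on the rule itself
        $filter = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            DisplayName   = $_.DisplayName
            Direction     = $_.Direction
            Action        = $_.Action
            RemoteAddress = $filter.RemoteAddress -join ", "
            Restricted    = Test-RemoteAddressMatch -Actual $filter.RemoteAddress -Expected $expected
        }
    }

$report | Sort-Object Restricted, DisplayName | Format-Table -AutoSize -Wrap

# Rules that matched the name filter but do not carry the whitelist
$open = @($report | Where-Object { -not $_.Restricted })
if ($open.Count -gt 0) {
    Write-Warning "$($open.Count) matching rule(s) do not carry the expected remote address list."
}

# New-NetFirewallRule does not deduplicate, so repeated runs leave several
# rules with the same DisplayName; report them for cleanup.
$report | Group-Object DisplayName | Where-Object { $_.Count -gt 1 } |
    ForEach-Object { Write-Warning "Duplicate rule name: $($_.Name) ($($_.Count) copies)" }
```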