Configuring Virtual I/O Server firewall settings

Enable the Virtual I/O Server firewall to control IP activity.

The Virtual I/O Server firewall is not enabled by default. To enable the Virtual I/O Server firewall, you must turn it on by using the viosecure command with the -firewall option. When you enable it, the default setting is activated, which allows access for the following IP services:
  • ftp
  • ftp-data
  • ssh
  • web
  • https
  • rmc
  • cimom
Note: The firewall settings are contained in the file viosecure.ctl in the /home/ios/security directory. If for some reason the viosecure.ctl file does not exist when you run the command to enable the firewall, you receive an error. You can use the -force option to enable the standard firewall default ports.

You can use the default setting or configure the firewall settings to meet the needs of your environment by specifying which ports or port services to allow. You can also turn off the firewall to deactivate the settings.

Use the following tasks at the Virtual I/O Server command line to configure the Virtual I/O Server firewall settings:
  1. Enable the Virtual I/O Server firewall by running the following command: 
    viosecure -firewall on
  2. Specify the ports to allow or deny, by using the following command: 
    viosecure -firwall allow | deny -port number
  3. View the current firewall settings by running the following command: 
    viosecure -firewall view
  4. If you want to disable the firewall configuration, run the following command: 
    viosecure -firewall off