Initial commit

.gitignore

@@ -0,0 +1,3 @@
+.vagrant/
+*.vib
+*.zip

README.md

@@ -0,0 +1,37 @@
+# ESX VIB for the VNC fw. rules
+
+## Generate
+
+```
+vagrant plugin install vagrant-sshfs
+vagrant up && vagrant destroy -f
+```
+
+Generated VIB is in the current working directory.
+
+## Deploy
+
+### Install
+
+```
+esxcli software acceptance set --level=CommunitySupported
+
+esxcli software vib install -v $PWD/fw-vnc.vib
+# or
+esxcli software vib install -d $PWD/fw-vnc.zip
+```
+
+### Disable
+
+Firewall rules are enabled right after the installation.
+Rules can be selectively disabled by running:
+
+```
+esxcli network firewall ruleset set -e false -r VNC
+```
+
+### Uninstall
+
+```
+esxcli software vib remove -n fw-vnc
+```

Vagrantfile

@@ -0,0 +1,29 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# Vagrant configurations
+ENV['VAGRANT_DEFAULT_PROVIDER'] = 'virtualbox'
+
+Vagrant.configure("2") do |config|
+    config.vm.box = "centos/6"
+
+    config.vm.provider :virtualbox do |v|
+        v.name = "VIB Vagrant Devel"
+    end
+
+    config.vm.synced_folder ".", "/vagrant", type: "sshfs"
+
+    # install VIB author
+    config.vm.provision "shell", inline: <<-SCRIPT
+        set -e
+        cd /vagrant/rpm/
+        yum -y install *.rpm
+    SCRIPT
+
+    # (always) generate VIB/ZIP
+    config.vm.provision "shell",  run: "always", inline: <<-SCRIPT
+        set -e
+        cd /vagrant/
+        vibauthor -C -t vib/ -v fw-vnc.vib -O fw-vnc.zip --force
+    SCRIPT
+end

vib/descriptor.xml

@@ -0,0 +1,33 @@
+<?xml version="1.0"?>
+<vib version="5.0">
+  <type>bootbank</type>
+  <name>fw-vnc</name>
+  <version>1.0.0-1</version>
+  <vendor>OpenNebulaSystems</vendor>
+  <summary>Firewall rules to enable VNC traffic</summary>
+  <description>Firewall rules to enable VNC traffic</description>
+  <urls/>
+  <relationships>
+    <depends/>
+    <conflicts/>
+    <replaces/>
+    <provides/>
+    <compatibleWith/>
+  </relationships>
+  <software-tags/>
+  <system-requires>
+    <maintenance-mode>false</maintenance-mode>
+  </system-requires>
+  <file-list>
+    <file>etc/vmware/firewall/vnc.xml</file>
+  </file-list>
+  <acceptance-level>community</acceptance-level>
+  <live-install-allowed>true</live-install-allowed>
+  <live-remove-allowed>true</live-remove-allowed>
+  <cimom-restart>false</cimom-restart>
+  <stateless-ready>true</stateless-ready>
+  <overlay>false</overlay>
+  <payloads>
+    <payload name="fw-vnc" type="vgz"/>
+  </payloads>
+</vib>

vib/payloads/fw-vnc/etc/vmware/firewall/vnc.xml

@@ -0,0 +1,16 @@
+<ConfigRoot>
+  <service>
+    <id>VNC</id>
+    <rule>
+      <direction>inbound</direction>
+      <protocol>tcp</protocol>
+      <porttype>dst</porttype>
+      <port>
+        <begin>5900</begin>
+        <end>65535</end>
+      </port>
+    </rule>
+    <enabled>true</enabled>
+    <required>false</required>
+  </service>
+</ConfigRoot>