esxcfg-firewall

ESX uses esxcfg-firewall to handle firewall settings for service console, simpler than iptables.

• -q will display open port and enabled services
• -s will display known services
• -e enable service
• -d disable service
• -o will open a new port <port, udp|tcp, in|out, name>
• -c will close a port previous opened by -o

ESXi doesn't implement iptalbe, so there is no esxcfg-firewall on ESXi, neither dose the vCLI

vSphere client could enable/disable known service. For the custom service, command-line is still the choice.