Firewall – How to disable ping in esxi 6 host

firewall, vmware-esxi, vmware-vsphere

I have an ESXi 6 host on a public IP.
All other VMs are behind a pfSense firewall, so no issues.

I can't put ESXi behind that because I don't want to get locked out.

So far I have disabled SSH access to the ESXi host.

Now, for additional security, I just want to block ping messages to the public IP of the ESXi host, so that no one knows whether that IP is alive and no one does any brute-force attacks, etc.

Is there any way I can block ping messages?

Best Answer

There is an ESXi firewall that will give you all kinds of power, if you can master its arcane configuration: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2005284

See page 34 of the Security Guide PDF: http://pubs.vmware.com/vsphere-50/topic/com.vmware.ICbase/PDF/vsphere-esxi-vcenter-server-50-security-guide.pdf

I know this isn't a full answer but I hope it will help you in the right direction.

PS: "I can't put ESXi behind that because I don't want to get locked out." If you have good pfSense NAT rules, you can be very secure (or at least much more obscure) and you won't get locked out.
