Tuesday, June 3, 2014

Port changes between ESXi 5.1u2 and 5.5u1

The following "firewall labels" have been added and default to open to all networks in ESXi 5.5u1 (unsure about 5.5 GA):
  • DHCPv6 (self-explanatory) [tcp/udp 546 in, 547 out]
  • cmmds (VSAN) [udp 12345,23451 in/out]*
  • rtd (VSAN) [tcp 2233 in/out]
  • ipfam (NSX) [udp 6999 in/out]
  • vsanvp (VSAN) [tcp 8080 in/out]
  • rabbitmqproxy (vFabric) [tcp 5671 out]
I was not able to turn off vsanvp (Cannot change the host configuration. Call "HostFirewallSystem.DisableRuleset" for object "firewallSystem-152" on vCenter Server "X" failed.) but I could restrict it to the local management subnet. Close enough.

While it's nice of VMware to have the one-button "enable VSAN" in the webUI, keep the ports locked until I check that box. If ever.
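An added example, not part of the original post: a shell sketch that reads `esxcli network firewall ruleset allowedip list` output, reports which of the rulesets above are still open to all networks, and prints the esxcli commands that would pin them to one subnet. It assumes the labels above are also the esxcli ruleset IDs; the listing is a constructed sample and 192.0.2.0/24 is a placeholder for the management subnet.

```shell
#!/bin/sh
# Ruleset labels taken from the post; assumed to match the esxcli ruleset IDs.
WATCH="DHCPv6 cmmds rtd ipfam vsanvp rabbitmqproxy"

# Constructed sample of `esxcli network firewall ruleset allowedip list` output.
sample_allowedip() {
cat <<'EOF'
Ruleset        Allowed IP Addresses
-------------  --------------------
sshServer      192.0.2.0/24
DHCPv6         All
cmmds          All
rtd            All
ipfam          All
vsanvp         192.0.2.0/24
rabbitmqproxy  All
EOF
}

# Read an allowedip listing on stdin; print watched rulesets still open to "All".
open_rulesets() {
  awk -v watch="$WATCH" '
    BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
    NR > 2 && ($1 in want) && $2 == "All" { print $1 }'
}

# Print (do not run) the esxcli commands that pin each ruleset named on stdin
# to a single subnet, the same restriction the post applied to vsanvp.
restrict_cmds() {
  subnet=$1
  while read -r rs; do
    [ -n "$rs" ] || continue
    echo "esxcli network firewall ruleset set --ruleset-id=$rs --allowed-all=false"
    echo "esxcli network firewall ruleset allowedip add --ruleset-id=$rs --ip-address=$subnet"
  done
}

# On a host: esxcli network firewall ruleset allowedip list | open_rulesets
sample_allowedip | open_rulesets | restrict_cmds 192.0.2.0/24
```

Review the printed commands before running them on a host; rulesets that are not needed at all can instead be disabled with `--enabled=false`, where the host permits it.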

* Hey! That's the combination to my luggage!

