VMware released vCenter 6.0 in 2015. Like all other "excited" technology people, we were excited to see what changes were made. After we upgraded to vCenter 6.0, we noticed that while it was more locked down, its shell could still give us more access.
VMware provides instructions on how to use their 'firewall' functionality, but it only allows adding an IP or IP range to the allowed list of systems that can communicate with vCenter.
I hate to say that it doesn't allow you to open a port. That was a problem, since one of our applications wants to use different ports for communication. We needed to open those ports, and that proved to be harder than we thought.
However, there are some shortcuts: you can use an iptables command to add a firewall rule temporarily. But that won't be persistent unless you save the iptables rules, save the existing file, and ask the operating system to load the iptables rules from it. But wait, I really do not want to take so much pain.
The doc below has steps to add a firewall port exception in the vCSA 6.0.