Firewall rules often apply to traffic from a network service. A new SDDC includes inventory entries for most of the common network service types, but you can add custom services if you need to.
When you create a firewall rule, you can specify that it applies to network traffic from one or more of the services defined in your SDDC's Services inventory. The default list includes VMware services such as remote console and provisioning, standard services such as IKE, ICMP, and TCP, and many well-known third-party services. You can add services to this list by selecting values, typically ports and protocols, from a list of service types and additional service properties.