편집

다음을 통해 공유


New-NetworkControllerAccessControlListRule

This cmdlet creates a new ACL rule to allow/deny traffic to/from a particular virtual subnet or network interface

Syntax

New-NetworkControllerAccessControlListRule
   -ConnectionUri <Uri>
   -Properties <AclRuleProperties>
   -ResourceId <string>
   [-AccessControlListId <string>]
   [-CertificateThumbPrint <string>]
   [-Credential <PSCredential>]
   [-Etag <string>]
   [-Force]
   [-ResourceMetadata <ResourceMetadata>]

Description

This cmdlet creates a new ACL rule to allow/deny traffic to/from a particular virtual subnet or network interface. Each rule consists of a name, protocol, source and destination port range, source and destination IP address range, action (Allow/deny), priority, type (inbound/outbound) and whether logging is enabled or disabled for the rule.

Examples

Example 1

The above example adds a new ACL rule to an ACL list named Subnet1ACL. This rule allows all inbound traffic.

$ruleproperties = new-object Microsoft.Windows.NetworkController.AclRuleProperties  
$ruleproperties.Protocol = "All"  
$ruleproperties.SourcePortRange = "0-65535"  
$ruleproperties.DestinationPortRange = "0-65535"  
$ruleproperties.Action = "Allow"  
$ruleproperties.SourceAddressPrefix = "*"  
$ruleproperties.DestinationAddressPrefix = "*"  
$ruleproperties.Priority = "100"  
$ruleproperties.Type = "Inbound"  
$ruleproperties.Logging = "Enabled"  
New-NetworkControllerAccessControlListRule -ConnectionUri https://networkcontroller -ResourceId "AllowAllInbound" -AccessControlListId "Subnet1ACL"

Parameters

-AccessControlListId

Specifies the ID of the ACL.

Type:string
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-CertificateThumbprint

Specifies the digital public key X.509 certificate of a user account that has permission to perform this action. This is the certificate thumbprint of the certificate. This thumbprint must also be provided in the ClientCertificateThumbprint parameter in the Install-NetworkController or Set-NetworkController cmdlet so that Network Controller can authorize this user.

Type:string
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ConnectionUri

Specifies the Uniform Resource Identifier (URI) of the Network Controller, used by all Representational State Transfer (REST) clients to connect to Network Controller.

Type:Uri
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Credential

Specifies a user credential that has permission to perform this action. The default value is the current user.This user must be present in the security group provided in the ClientSecurityGroup parameter in the Install-NetworkController cmdlet.

Type:PSCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Etag

Specifies the entity tag (ETag) parameter of the resource. An ETag (entity tag) is an HTTP response header returned by an HTTP-compliant web server used to determine change in the content of a resource at a given URL. The value of the header is an opaque string representing the state of the resource at the time the response was generated.

Type:string
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Force

Forces the command to run without asking for user confirmation.

Type:switch
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Properties

Specifies the properties of an ACL rule

  • Protocol
  • Source port range
  • Destination port range
  • Action (Allow/Deny)
  • Source Address prefix
  • Destination address prefix
  • Priority
  • Type of rule (inbound/outbound)
  • Whether logging is enabled or disabled
Type:AclRuleProperties
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-ResourceId

Specifies the ID of the ACL resource

Type:string
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-ResourceMetadata

This parameter contains metadata information for the client, such as the tenant ID, group ID, and resource name.

Type:ResourceMetadata
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

Following properties can be provided for each ACL rule:

  • Name
  • Protocol
  • Source port range
  • Destination port range
  • Action (Allow/Deny)
  • Source Address prefix
  • Destination address prefix
  • Priority
  • Type of rule (inbound/outbound)
  • Whether logging is enabled or disabled