Editar

Compartilhar via


New-NetworkControllerAccessControlListRule

This cmdlet creates a new ACL rule to allow/deny traffic to/from a particular virtual subnet or network interface

Syntax

New-NetworkControllerAccessControlListRule
   [-AccessControlListId] <String>
   [-ResourceId] <String>
   [-Properties] <AclRuleProperties>
   [[-ResourceMetadata] <ResourceMetadata>]
   [[-Etag] <String>]
   [-Force]
   -ConnectionUri <Uri>
   [-CertificateThumbprint <String>]
   [-Credential <PSCredential>]
   [-PassInnerException]
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

This cmdlet creates a new ACL rule to allow/deny traffic to/from a particular virtual subnet or network interface. Each rule consists of a name, protocol, source and destination port range, source and destination IP address range, action (Allow/deny), priority, type (inbound/outbound) and whether logging is enabled or disabled for the rule.

Examples

Example 1

The above example adds a new ACL rule to an ACL list named Subnet1ACL. This rule allows all inbound traffic.

$ruleproperties = new-object Microsoft.Windows.NetworkController.AclRuleProperties
$ruleproperties.Protocol = "All"
$ruleproperties.SourcePortRange = "0-65535"
$ruleproperties.DestinationPortRange = "0-65535"
$ruleproperties.Action = "Allow"
$ruleproperties.SourceAddressPrefix = "*"
$ruleproperties.DestinationAddressPrefix = "*"
$ruleproperties.Priority = "100"
$ruleproperties.Type = "Inbound"
$ruleproperties.Logging = "Enabled"
New-NetworkControllerAccessControlListRule -ConnectionUri https://networkcontroller -ResourceId "AllowAllInbound" -AccessControlListId "Subnet1ACL"

Parameters

-AccessControlListId

Specifies the ID of the ACL.

Type:string
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-CertificateThumbprint

Specifies the digital public key X.509 certificate of a user account that has permission to perform this action. This is the certificate thumbprint of the certificate. This thumbprint must also be provided in the ClientCertificateThumbprint parameter in the Install-NetworkController or Set-NetworkController cmdlet so that Network Controller can authorize this user.

Type:string
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ConnectionUri

Specifies the Uniform Resource Identifier (URI) of the Network Controller, used by all Representational State Transfer (REST) clients to connect to Network Controller.

Type:Uri
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Credential

Specifies a user credential that has permission to perform this action. The default value is the current user.This user must be present in the security group provided in the ClientSecurityGroup parameter in the Install-NetworkController cmdlet.

Type:PSCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Etag

Specifies the entity tag (ETag) parameter of the resource. An ETag (entity tag) is an HTTP response header returned by an HTTP-compliant web server used to determine change in the content of a resource at a given URL. The value of the header is an opaque string representing the state of the resource at the time the response was generated.

Type:string
Position:7
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Force

Forces the command to run without asking for user confirmation.

Type:SwitchParameter
Position:8
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-PassInnerException

This thumbprint must also be provided in the ClientCertificateThumbprint parameter in the Install-NetworkController or Set-NetworkController cmdlet so that Network Controller can authorize this user.

The thumbprint must be provided only if the network controller client authentication is X509 certificates. Get-NetworkController retrieves that client authentication and authorization information.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Properties

Specifies the properties of an ACL rule

  • Protocol
  • Source port range
  • Destination port range
  • Action (Allow/Deny)
  • Source Address prefix
  • Destination address prefix
  • Priority
  • Type of rule (inbound/outbound)
  • Whether logging is enabled or disabled
Type:AclRuleProperties
Position:4
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ResourceId

Specifies the ID of the ACL resource

Type:string
Position:2
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-ResourceMetadata

This parameter contains metadata information for the client, such as the tenant ID, group ID, and resource name.

Type:ResourceMetadata
Position:5
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

String

Microsoft.Windows.NetworkController.AclRuleProperties

Following properties can be provided for each ACL rule:

  • Name
  • Protocol
  • Source port range
  • Destination port range
  • Action (Allow/Deny)
  • Source Address prefix
  • Destination address prefix
  • Priority
  • Type of rule (inbound/outbound)
  • Whether logging is enabled or disabled

Outputs

Object