你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn。
Set-AzNetworkSecurityRuleConfig
Updates a network security rule configuration for a network security group.
Syntax
Set-AzNetworkSecurityRuleConfig
-Name <String>
-NetworkSecurityGroup <PSNetworkSecurityGroup>
[-Description <String>]
[-Protocol <String>]
[-SourcePortRange <String[]>]
[-DestinationPortRange <String[]>]
[-SourceAddressPrefix <String[]>]
[-DestinationAddressPrefix <String[]>]
[-SourceApplicationSecurityGroup <PSApplicationSecurityGroup[]>]
[-DestinationApplicationSecurityGroup <PSApplicationSecurityGroup[]>]
[-Access <String>]
[-Priority <Int32>]
[-Direction <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Set-AzNetworkSecurityRuleConfig
-Name <String>
-NetworkSecurityGroup <PSNetworkSecurityGroup>
[-Description <String>]
[-Protocol <String>]
[-SourcePortRange <String[]>]
[-DestinationPortRange <String[]>]
[-SourceAddressPrefix <String[]>]
[-DestinationAddressPrefix <String[]>]
[-SourceApplicationSecurityGroupId <String[]>]
[-DestinationApplicationSecurityGroupId <String[]>]
[-Access <String>]
[-Priority <Int32>]
[-Direction <String>]
[-DefaultProfile <IAzureContextContainer>]
[<CommonParameters>]
Description
The Set-AzNetworkSecurityRuleConfig cmdlet updates a network security rule configuration for a network security group.
Examples
Example 1: Change the access configuration in a network security rule
$nsg = Get-AzNetworkSecurityGroup -Name "NSG-FrontEnd" -ResourceGroupName "TestRG"
$nsg | Get-AzNetworkSecurityRuleConfig -Name "rdp-rule"
Set-AzNetworkSecurityRuleConfig -Name "rdp-rule" -NetworkSecurityGroup $nsg -Access "Deny"
The first command gets the network security group named NSG-FrontEnd, and then stores it in the variable $nsg. The second command uses the pipeline operator to pass the security group in $nsg to Get-AzNetworkSecurityRuleConfig, which gets the security rule configuration named rdp-rule. The third command changes the access configuration of rdp-rule to Deny. However, this overwrites the rule and only sets the parameters that are passed to the Set-AzNetworkSecurityRuleConfig function. NOTE: There is no way to change a single attribute
Example 2
Updates a network security rule configuration for a network security group. (autogenerated)
Set-AzNetworkSecurityRuleConfig -Access Allow -DestinationAddressPrefix * -DestinationPortRange 3389 -Direction Inbound -Name 'rdp-rule' -NetworkSecurityGroup <PSNetworkSecurityGroup> -Priority 1 -Protocol Tcp -SourceAddressPrefix 'Internet' -SourcePortRange *
Example 3
Updates a network security rule configuration for a network security group. (autogenerated)
Set-AzNetworkSecurityRuleConfig -Access Allow -Description 'Allow RDP' -DestinationAddressPrefix * -DestinationPortRange 3389 -Direction Inbound -Name 'rdp-rule' -NetworkSecurityGroup <PSNetworkSecurityGroup> -Priority 1 -Protocol Tcp -SourceAddressPrefix 'Internet' -SourcePortRange *
Example 4
Updates a network security rule configuration for a network security group (Source IP address)
$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName "MyResource" -Name "MyNsg"
($nsg.SecurityRules | Where-Object {$_.Name -eq "RuleName"}).SourceAddressPrefix = ([System.String[]] @("xxx.xxx.xxx.xxx"))
$nsg | Set-AzNetworkSecurityGroup | Get-AzNetworkSecurityRuleConfig -Name "RuleName"
Parameters
-Access
Specifies whether network traffic is allowed or denied. The acceptable values for this parameter are: Allow and Deny.
Type: | String |
Accepted values: | Allow, Deny |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DefaultProfile
The credentials, account, tenant, and subscription used for communication with azure.
Type: | IAzureContextContainer |
Aliases: | AzContext, AzureRmContext, AzureCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Description
Specifies a description for a rule configuration. The maximum size is 140 characters.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DestinationAddressPrefix
Specifies a destination address prefix. The acceptable values for this parameter are:
- A Classless Interdomain Routing (CIDR) address
- A destination IP address range
- A wildcard character (*) to match any IP address. You can use tags such as VirtualNetwork, AzureLoadBalancer, and Internet.
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DestinationApplicationSecurityGroup
The application security group set as destination for the rule. It cannot be used with 'DestinationAddressPrefix' parameter.
Type: | PSApplicationSecurityGroup[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DestinationApplicationSecurityGroupId
The application security group set as destination for the rule. It cannot be used with 'DestinationAddressPrefix' parameter.
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-DestinationPortRange
Specifies a destination port or range. The acceptable values for this parameter are:
- An integer
- A range of integers between 0 and 65535
- A wildcard character (*) to match any port
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Direction
Specifies whether a rule is evaluated for incoming or outgoing traffic. The acceptable values for this parameter are: Inbound and Outbound.
Type: | String |
Accepted values: | Inbound, Outbound |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Name
Specifies the name of the network security rule configuration that this cmdlet sets.
Type: | String |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-NetworkSecurityGroup
Specifies the NetworkSecurityGroup object that contains the network security rule configuration to set.
Type: | PSNetworkSecurityGroup |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Priority
Specifies the priority of a rule configuration. The acceptable values for this parameter are:An integer between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.
Type: | Int32 |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Protocol
Specifies the network protocol that a rule configuration applies to. The acceptable values for this parameter are:
- Tcp
- Udp
- Icmp
- Esp
- Ah
- Wildcard character (*) to match all
Type: | String |
Accepted values: | Tcp, Udp, Icmp, Esp, Ah, * |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SourceAddressPrefix
Specifies a source address prefix. The acceptable values for this parameter are:
- A CIDR
- A source IP range
- A wildcard character (*) to match any IP address. You can also use tags such as VirtualNetwork, AzureLoadBalancer and Internet.
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SourceApplicationSecurityGroup
The application security group set as source for the rule. It cannot be used with 'SourceAddressPrefix' parameter.
Type: | PSApplicationSecurityGroup[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SourceApplicationSecurityGroupId
The application security group set as source for the rule. It cannot be used with 'SourceAddressPrefix' parameter.
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SourcePortRange
Specifies the source port or range. The acceptable values for this parameter are:
- An integer
- A range of integers between 0 and 65535
- A wildcard character (*) to match any port
Type: | String[] |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |