你当前正在访问 Microsoft Azure Global Edition 技术文档网站。 如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站,请访问 https://docs.azure.cn

Set-AzNetworkSecurityRuleConfig

Updates a network security rule configuration for a network security group.

Syntax

Set-AzNetworkSecurityRuleConfig
   -Name <String>
   -NetworkSecurityGroup <PSNetworkSecurityGroup>
   [-Description <String>]
   [-Protocol <String>]
   [-SourcePortRange <String[]>]
   [-DestinationPortRange <String[]>]
   [-SourceAddressPrefix <String[]>]
   [-DestinationAddressPrefix <String[]>]
   [-SourceApplicationSecurityGroup <PSApplicationSecurityGroup[]>]
   [-DestinationApplicationSecurityGroup <PSApplicationSecurityGroup[]>]
   [-Access <String>]
   [-Priority <Int32>]
   [-Direction <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]
Set-AzNetworkSecurityRuleConfig
   -Name <String>
   -NetworkSecurityGroup <PSNetworkSecurityGroup>
   [-Description <String>]
   [-Protocol <String>]
   [-SourcePortRange <String[]>]
   [-DestinationPortRange <String[]>]
   [-SourceAddressPrefix <String[]>]
   [-DestinationAddressPrefix <String[]>]
   [-SourceApplicationSecurityGroupId <String[]>]
   [-DestinationApplicationSecurityGroupId <String[]>]
   [-Access <String>]
   [-Priority <Int32>]
   [-Direction <String>]
   [-DefaultProfile <IAzureContextContainer>]
   [<CommonParameters>]

Description

The Set-AzNetworkSecurityRuleConfig cmdlet updates a network security rule configuration for a network security group.

Examples

Example 1: Change the access configuration in a network security rule

$nsg = Get-AzNetworkSecurityGroup -Name "NSG-FrontEnd" -ResourceGroupName "TestRG"
$nsg | Get-AzNetworkSecurityRuleConfig -Name "rdp-rule"
Set-AzNetworkSecurityRuleConfig -Name "rdp-rule" -NetworkSecurityGroup $nsg -Access "Deny"

The first command gets the network security group named NSG-FrontEnd, and then stores it in the variable $nsg. The second command uses the pipeline operator to pass the security group in $nsg to Get-AzNetworkSecurityRuleConfig, which gets the security rule configuration named rdp-rule. The third command changes the access configuration of rdp-rule to Deny. However, this overwrites the rule and only sets the parameters that are passed to the Set-AzNetworkSecurityRuleConfig function. NOTE: There is no way to change a single attribute

Example 2

Updates a network security rule configuration for a network security group. (autogenerated)

Set-AzNetworkSecurityRuleConfig -Access Allow -DestinationAddressPrefix * -DestinationPortRange 3389 -Direction Inbound -Name 'rdp-rule' -NetworkSecurityGroup <PSNetworkSecurityGroup> -Priority 1 -Protocol Tcp -SourceAddressPrefix 'Internet' -SourcePortRange *

Example 3

Updates a network security rule configuration for a network security group. (autogenerated)

Set-AzNetworkSecurityRuleConfig -Access Allow -Description 'Allow RDP' -DestinationAddressPrefix * -DestinationPortRange 3389 -Direction Inbound -Name 'rdp-rule' -NetworkSecurityGroup <PSNetworkSecurityGroup> -Priority 1 -Protocol Tcp -SourceAddressPrefix 'Internet' -SourcePortRange *

Example 4

Updates a network security rule configuration for a network security group (Source IP address)

$nsg = Get-AzNetworkSecurityGroup -ResourceGroupName "MyResource" -Name "MyNsg"
($nsg.SecurityRules | Where-Object {$_.Name -eq "RuleName"}).SourceAddressPrefix = ([System.String[]] @("xxx.xxx.xxx.xxx"))
$nsg | Set-AzNetworkSecurityGroup | Get-AzNetworkSecurityRuleConfig -Name "RuleName"

Parameters

-Access

Specifies whether network traffic is allowed or denied. The acceptable values for this parameter are: Allow and Deny.

Type:String
Accepted values:Allow, Deny
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DefaultProfile

The credentials, account, tenant, and subscription used for communication with azure.

Type:IAzureContextContainer
Aliases:AzContext, AzureRmContext, AzureCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Description

Specifies a description for a rule configuration. The maximum size is 140 characters.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DestinationAddressPrefix

Specifies a destination address prefix. The acceptable values for this parameter are:

  • A Classless Interdomain Routing (CIDR) address
  • A destination IP address range
  • A wildcard character (*) to match any IP address. You can use tags such as VirtualNetwork, AzureLoadBalancer, and Internet.
Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DestinationApplicationSecurityGroup

The application security group set as destination for the rule. It cannot be used with 'DestinationAddressPrefix' parameter.

Type:PSApplicationSecurityGroup[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DestinationApplicationSecurityGroupId

The application security group set as destination for the rule. It cannot be used with 'DestinationAddressPrefix' parameter.

Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-DestinationPortRange

Specifies a destination port or range. The acceptable values for this parameter are:

  • An integer
  • A range of integers between 0 and 65535
  • A wildcard character (*) to match any port
Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Direction

Specifies whether a rule is evaluated for incoming or outgoing traffic. The acceptable values for this parameter are: Inbound and Outbound.

Type:String
Accepted values:Inbound, Outbound
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Name

Specifies the name of the network security rule configuration that this cmdlet sets.

Type:String
Position:Named
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-NetworkSecurityGroup

Specifies the NetworkSecurityGroup object that contains the network security rule configuration to set.

Type:PSNetworkSecurityGroup
Position:Named
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Priority

Specifies the priority of a rule configuration. The acceptable values for this parameter are:An integer between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Protocol

Specifies the network protocol that a rule configuration applies to. The acceptable values for this parameter are:

  • Tcp
  • Udp
  • Icmp
  • Esp
  • Ah
  • Wildcard character (*) to match all
Type:String
Accepted values:Tcp, Udp, Icmp, Esp, Ah, *
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SourceAddressPrefix

Specifies a source address prefix. The acceptable values for this parameter are:

  • A CIDR
  • A source IP range
  • A wildcard character (*) to match any IP address. You can also use tags such as VirtualNetwork, AzureLoadBalancer and Internet.
Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SourceApplicationSecurityGroup

The application security group set as source for the rule. It cannot be used with 'SourceAddressPrefix' parameter.

Type:PSApplicationSecurityGroup[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SourceApplicationSecurityGroupId

The application security group set as source for the rule. It cannot be used with 'SourceAddressPrefix' parameter.

Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-SourcePortRange

Specifies the source port or range. The acceptable values for this parameter are:

  • An integer
  • A range of integers between 0 and 65535
  • A wildcard character (*) to match any port
Type:String[]
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

PSNetworkSecurityGroup

Outputs

PSNetworkSecurityGroup