Maybe this one helps?
Hyper-V Extended ACL - Can ICMP be stateful or not?
Can you add stateful ACL rules (on a Hyper-V Virtual Switch) on the ICMP protocol?
If not, this leaves you to either open ICMP to everyone or close ICMP to everyone including the VM itself.
Neither is secure or practical for such an important and basic functionality (ping).
Talking about this: https://learn.microsoft.com/en-us/powershell/module/hyper-v/add-vmnetworkadapterextendedacl?view=win10-ps
4 answers
TimCerling(ret) 1,156 Reputation points
2020-08-02T12:45:14.643+00:00
"I am talking about creating stateful ICMP ACL rules on Hyper-V that applies to a VM."
That is asking for one operating system environment (the host Hyper-V) to impose restrictions on another operating system environment (a guest VM). They are two completely isolated environments. Host does not know what is going on within the guest; guest does not know what is going on within the host. Security boundaries are not bypassed.
Xiaowei He 9,871 Reputation points
2020-08-04T07:07:25.437+00:00
Hi,
Please check whether the following command works:
Add-VMNetworkAdapterExtendedAcl -VMName "xxxxxxxx" -Action Allow -Direction Outbound -Protocol 1 -Weight 100
According to the following article, we need to use the Protocol number for ICMP.
If the command works for the VM, please also check whether it meets your requirements. I also found an article about Extended ACLs not working for ICMP; however, there is not enough information in it. I attach it for your reference, and would also appreciate your feedback on the test result.
Thanks for your time!
Best Regards,
Anne
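One way to check the question in this thread on a lab host, as an added example that is not part of any answer here: it tries the protocol-1 rule from the answer above with `-Stateful`, falls back to the stateless form if the host rejects it, and lists the resulting ACL. The VM name `LabVM01` is a placeholder, and the script makes no claim about which branch a given Windows build will take.

```powershell
# Added example (not from the thread). Run in an elevated session on the Hyper-V host.
$VMName = 'LabVM01'   # placeholder: name of a lab VM (assumption)
$Weight = 100         # same weight as the command in the answer above

# Rule taken from the answer: allow outbound ICMP (IP protocol number 1).
$rule = @{
    VMName    = $VMName
    Action    = 'Allow'
    Direction = 'Outbound'
    Protocol  = 1
    Weight    = $Weight
}

try {
    # First attempt: the same rule with -Stateful, so that replies to the VM's
    # own echo requests would be tracked instead of needing an inbound allow rule.
    Add-VMNetworkAdapterExtendedAcl @rule -Stateful $true -ErrorAction Stop
    Write-Host 'Host accepted the stateful ICMP rule.'
}
catch {
    # Record why the host refused, then fall back to the stateless form.
    Write-Warning "Stateful ICMP rule rejected: $($_.Exception.Message)"
    Add-VMNetworkAdapterExtendedAcl @rule -ErrorAction Stop
    Write-Host 'Applied the stateless rule from the answer instead.'
}

# Show what is actually configured on the VM's network adapter(s).
Get-VMNetworkAdapterExtendedAcl -VMName $VMName | Format-List

# With the rule in place, ping outward from inside the guest and ping the guest
# from another machine to see which directions actually pass.

# Remove the test rule afterwards.
Remove-VMNetworkAdapterExtendedAcl -VMName $VMName -Direction Outbound -Weight $Weight
```

An accepted rule only shows that the host stored it; the ping checks in both directions are what show whether ICMP is being tracked per flow.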
Dave Patrick 426.1K Reputation points MVP
2020-08-26T18:11:51.497+00:00
You can start a case here with product support. If it's confirmed as a bug, then no charges will be incurred.
https://support.microsoft.com/en-us/hub/4343728/support-for-business
The other completely free option is to report this as feedback over here on uservoice.
https://windowsserver.uservoice.com/forums/295047-general-feedback
--please don't forget to Accept as answer if the reply is helpful--