az network nsg rule
Manage network security group rules.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az network nsg rule create |
Create a network security group rule. |
Core | GA |
| az network nsg rule delete |
Delete a network security group rule. |
Core | GA |
| az network nsg rule list |
List all rules in a network security group. |
Core | GA |
| az network nsg rule show |
Get the details of a network security group rule. |
Core | GA |
| az network nsg rule update |
Update a network security group rule. |
Core | GA |
| az network nsg rule wait |
Place the CLI in a waiting state until a condition is met. |
Core | GA |
az network nsg rule create
Create a network security group rule.
az network nsg rule create --name
--nsg-name
--priority
--resource-group
[--access {Allow, Deny}]
[--description]
[--destination-address-prefixes]
[--destination-asgs]
[--destination-port-ranges]
[--direction {Inbound, Outbound}]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--protocol {*, Ah, Esp, Icmp, Tcp, Udp}]
[--source-address-prefixes]
[--source-asgs]
[--source-port-ranges]Examples
Create a basic "Allow" NSG rule with the highest priority.
az network nsg rule create -g MyResourceGroup --nsg-name MyNsg -n MyNsgRule --priority 100Create a "Deny" rule over TCP for a specific IP address range with the lowest priority.
az network nsg rule create -g MyResourceGroup --nsg-name MyNsg -n MyNsgRule --priority 4096 --source-address-prefixes 208.130.28.0/24 --source-port-ranges 80 --destination-address-prefixes '*' --destination-port-ranges 80 8080 --access Deny --protocol Tcp --description "Deny from specific IP address ranges on 80 and 8080."Create a security rule using service tags (https://aka.ms/servicetags).
az network nsg rule create -g MyResourceGroup --nsg-name MyNsg -n MyNsgRuleWithTags --priority 400 --source-address-prefixes VirtualNetwork --destination-address-prefixes Storage --destination-port-ranges '*' --direction Outbound --access Allow --protocol Tcp --description "Allow VirtualNetwork to Storage."Create a security rule using application security groups (https://aka.ms/applicationsecuritygroups).
az network nsg rule create -g MyResourceGroup --nsg-name MyNsg -n MyNsgRuleWithAsg --priority 500 --source-address-prefixes Internet --destination-port-ranges 80 8080 --destination-asgs Web --access Allow --protocol Tcp --description "Allow Internet to Web ASG on ports 80,8080."Required Parameters
Name of the network security group rule.
Name of the network security group.
Priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
Network traffic is allowed or denied.
Description for this rule. Restricted to 140 chars.
Space-separated list of CIDR prefixes or IP ranges. Alternatively, specify ONE of 'VirtualNetwork', 'AzureLoadBalancer', 'Internet' or '*' to match all IPs. Besides, it also supports all available Service Tags like 'ApiManagement', 'SqlManagement', 'AzureMonitor', etc. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of application security group names or IDs. Limited by backend server, temporarily this argument only supports one application security group name or ID. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of ports or port ranges between 0-65535. Use '*' to match all ports. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic.
Do not wait for the long-running operation to finish.
Network protocol this rule applies to.
Space-separated list of CIDR prefixes or IP ranges. Alternatively, specify ONE of 'VirtualNetwork', 'AzureLoadBalancer', 'Internet' or '*' to match all IPs. Besides, it also supports all available Service Tags like 'ApiManagement', 'SqlManagement', 'AzureMonitor', etc. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of application security group names or IDs. Limited by backend server, temporarily this argument only supports one application security group name or ID. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of ports or port ranges between 0-65535. Use '*' to match all ports. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network nsg rule delete
Delete a network security group rule.
az network nsg rule delete [--ids]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--nsg-name]
[--resource-group]
[--subscription]Examples
Delete a network security group rule.
az network nsg rule delete -g MyResourceGroup --nsg-name MyNsg -n MyNsgRuleOptional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the network security group rule.
Do not wait for the long-running operation to finish.
Name of the network security group.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network nsg rule list
List all rules in a network security group.
az network nsg rule list --nsg-name
--resource-group
[--include-default]Examples
List all rules in a network security group.
az network nsg rule list -g MyResourceGroup --nsg-name MyNsgRequired Parameters
Name of the network security group.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
Include default security rules in the output.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network nsg rule show
Get the details of a network security group rule.
az network nsg rule show [--ids]
[--name]
[--nsg-name]
[--resource-group]
[--subscription]Examples
Get the details of a network security group rule.
az network nsg rule show -g MyResourceGroup --nsg-name MyNsg -n MyNsgRuleOptional Parameters
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the network security group rule.
Name of the network security group.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network nsg rule update
Update a network security group rule.
az network nsg rule update [--access {Allow, Deny}]
[--add]
[--description]
[--destination-address-prefixes]
[--destination-asgs]
[--destination-port-ranges]
[--direction {Inbound, Outbound}]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--ids]
[--name]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--nsg-name]
[--priority]
[--protocol {*, Ah, Esp, Icmp, Tcp, Udp}]
[--remove]
[--resource-group]
[--set]
[--source-address-prefixes]
[--source-asgs]
[--source-port-ranges]
[--subscription]Examples
Update an NSG rule with a new wildcard destination address prefix.
az network nsg rule update -g MyResourceGroup --nsg-name MyNsg -n MyNsgRule --destination-address-prefix '*'Update a network security group rule.
az network nsg rule update --name MyNsgRule --nsg-name MyNsg --resource-group MyResourceGroup --source-address-prefixes 208.130.28/24Optional Parameters
Network traffic is allowed or denied.
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
Description for this rule. Restricted to 140 chars.
Space-separated list of CIDR prefixes or IP ranges. Alternatively, specify ONE of 'VirtualNetwork', 'AzureLoadBalancer', 'Internet' or '*' to match all IPs. Besides, it also supports all available Service Tags like 'ApiManagement', 'SqlManagement', 'AzureMonitor', etc. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of application security group names or IDs. Limited by backend server, temporarily this argument only supports one application security group name or ID. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of ports or port ranges between 0-65535. Use '*' to match all ports. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic.
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Name of the network security group rule.
Do not wait for the long-running operation to finish.
Name of the network security group.
Priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.
Network protocol this rule applies to.
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
Space-separated list of CIDR prefixes or IP ranges. Alternatively, specify ONE of 'VirtualNetwork', 'AzureLoadBalancer', 'Internet' or '*' to match all IPs. Besides, it also supports all available Service Tags like 'ApiManagement', 'SqlManagement', 'AzureMonitor', etc. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of application security group names or IDs. Limited by backend server, temporarily this argument only supports one application security group name or ID. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Space-separated list of ports or port ranges between 0-65535. Use '*' to match all ports. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
az network nsg rule wait
Place the CLI in a waiting state until a condition is met.
az network nsg rule wait [--created]
[--custom]
[--deleted]
[--exists]
[--ids]
[--interval]
[--name]
[--nsg-name]
[--resource-group]
[--subscription]
[--timeout]
[--updated]Optional Parameters
Wait until created with 'provisioningState' at 'Succeeded'.
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
Wait until deleted.
Wait until the resource exists.
One or more resource IDs (space-delimited). It should be a complete resource ID containing all information of 'Resource Id' arguments. You should provide either --ids or other 'Resource Id' arguments.
Polling interval in seconds.
Name of the network security group rule.
Name of the network security group.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Maximum wait in seconds.
Wait until updated with provisioningState at 'Succeeded'.
Global Parameters
Increase logging verbosity to show all debug logs.
Show this help message and exit.
Only show errors, suppressing warnings.
Output format.
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
