New-NetworkControllerAccessControlList
This cmdlet creates a new access control list for allowing/denying traffic to/from a particular subnet or network interface
Syntax
New-NetworkControllerAccessControlList
[-ResourceId] <String>
[[-Tags] <PSObject>]
[-Properties] <AccessControlListProperties>
[[-Etag] <String>]
[[-ResourceMetadata] <ResourceMetadata>]
[-Force]
-ConnectionUri <Uri>
[-CertificateThumbprint <String>]
[-Credential <PSCredential>]
[-PassInnerException]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The New-NetworkControllerAccessControlList cmdlet creates a new access control list for allowing/denying traffic to/from a particular subnet or network interface. Each access control list can contain multiple rules.
Examples
Example 1
This example creates an access control list with two rules. The first rule allows all inbound network traffic. The second rule allows all outbound network traffic.
$ruleproperties = new-object Microsoft.Windows.NetworkController.AclRuleProperties
$ruleproperties.Protocol = "All"
$ruleproperties.SourcePortRange = "0-65535"
$ruleproperties.DestinationPortRange = "0-65535"
$ruleproperties.Action = "Allow"
$ruleproperties.SourceAddressPrefix = "*"
$ruleproperties.DestinationAddressPrefix = "*"
$ruleproperties.Priority = "100"
$ruleproperties.Type = "Inbound"
$ruleproperties.Logging = "Enabled"
$aclrule1 = new-object Microsoft.Windows.NetworkController.AclRule
$aclrule1.Properties = $ruleproperties
$aclrule1.ResourceId = "AllowAll_Inbound"
$ruleproperties = new-object Microsoft.Windows.NetworkController.AclRuleProperties
$ruleproperties.Protocol = "All"
$ruleproperties.SourcePortRange = "0-65535"
$ruleproperties.DestinationPortRange = "0-65535"
$ruleproperties.Action = "Allow"
$ruleproperties.SourceAddressPrefix = "*"
$ruleproperties.DestinationAddressPrefix = "*"
$ruleproperties.Priority = "110"
$ruleproperties.Type = "Outbound"
$ruleproperties.Logging = "Enabled"
$aclrule2 = new-object Microsoft.Windows.NetworkController.AclRule
$aclrule2.Properties = $ruleproperties
$aclrule2.ResourceId = "AllowAll_Outbound"
$acllistproperties = new-object Microsoft.Windows.NetworkController.AccessControlListProperties
$acllistproperties.AclRules = @($aclrule1, $aclrule2)
New-NetworkControllerAccessControlList -ResourceId "AllowAll" -Properties $acllistproperties -ConnectionUri <NC REST FQDN>
Parameters
-CertificateThumbprint
Specifies the certificate thumbprint of a digital public key X.509 certificate of a user account that has permission to perform this action. In order for Network Controller to authorize the account, specify this thumbprint by using the ClientCertificateThumbprint parameter of the Install-NetworkController or Set-NetworkController cmdlet.
Type: | String |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-ConnectionUri
Specifies the Uniform Resource Identifier (URI) of the Network Controller that all Representational State Transfer (REST) clients use to connect to that controller.
Type: | Uri |
Position: | Named |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Credential
Specifies a user credential that has permission to perform this action. The default value is the current user. This user must be a member of in the security group specified by the ClientSecurityGroup parameter of the Install-NetworkController cmdlet.
Type: | PSCredential |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Etag
Specifies the entity tag (ETag) of the resource. An ETag is an HTTP response header returned by an HTTP-compliant web server. An ETag is used to determine change in the content of a resource at a given URL. The value of the header is an opaque string representing the state of the resource at the time the response was generated.
Type: | String |
Position: | 5 |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Force
Forces the command to run without asking for user confirmation.
Type: | SwitchParameter |
Position: | 7 |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-PassInnerException
Type: | SwitchParameter |
Position: | Named |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Properties
Specifies the properties of an access control list. Each ACL consists of rules, with each rule having the following properties:
- Name
- Protocol
- Source port range
- Destination port range
- Action (Allow/Deny)
- Source Address prefix
- Destination address prefix
- Priority
- Type of rule (inbound/outbound)
- Whether logging is enabled or disabled
Type: | AccessControlListProperties |
Position: | 3 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ResourceId
Specifies the unique identifier of the Access Control list.
Type: | String |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-ResourceMetadata
Specifies metadata information for the client, such as the tenant ID, group ID, and resource name.
Type: | ResourceMetadata |
Position: | 6 |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Tags
Type: | PSObject |
Position: | 1 |
Default value: | None |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
Each access control list contains multiple ACL rules. Each rule contains the following:
- Name
- Protocol
- Source port range
- Destination port range
- Action (Allow/Deny)
- Source Address prefix
- Destination address prefix
- Priority
- Type of rule (inbound/outbound)
- Whether logging is enabled or disabled