New-NetworkControllerAccessControlListRule
This cmdlet creates a new ACL rule to allow/deny traffic to/from a particular virtual subnet or network interface
Syntax
New-NetworkControllerAccessControlListRule
-ConnectionUri <Uri>
-Properties <AclRuleProperties>
-ResourceId <string>
[-AccessControlListId <string>]
[-CertificateThumbPrint <string>]
[-Credential <PSCredential>]
[-Etag <string>]
[-Force]
[-ResourceMetadata <ResourceMetadata>] Description
This cmdlet creates a new ACL rule to allow/deny traffic to/from a particular virtual subnet or network interface. Each rule consists of a name, protocol, source and destination port range, source and destination IP address range, action (Allow/deny), priority, type (inbound/outbound) and whether logging is enabled or disabled for the rule.
Examples
Example 1
The above example adds a new ACL rule to an ACL list named Subnet1ACL. This rule allows all inbound traffic.
$ruleproperties = new-object Microsoft.Windows.NetworkController.AclRuleProperties
$ruleproperties.Protocol = "All"
$ruleproperties.SourcePortRange = "0-65535"
$ruleproperties.DestinationPortRange = "0-65535"
$ruleproperties.Action = "Allow"
$ruleproperties.SourceAddressPrefix = "*"
$ruleproperties.DestinationAddressPrefix = "*"
$ruleproperties.Priority = "100"
$ruleproperties.Type = "Inbound"
$ruleproperties.Logging = "Enabled"
New-NetworkControllerAccessControlListRule -ConnectionUri https://networkcontroller -ResourceId "AllowAllInbound" -AccessControlListId "Subnet1ACL"Parameters
-AccessControlListId
Specifies the ID of the ACL.
| Type: | string |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-CertificateThumbprint
Specifies the digital public key X.509 certificate of a user account that has permission to perform this action. This is the certificate thumbprint of the certificate. This thumbprint must also be provided in the ClientCertificateThumbprint parameter in the Install-NetworkController or Set-NetworkController cmdlet so that Network Controller can authorize this user.
| Type: | string |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ConnectionUri
Specifies the Uniform Resource Identifier (URI) of the Network Controller, used by all Representational State Transfer (REST) clients to connect to Network Controller.
| Type: | Uri |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Credential
Specifies a user credential that has permission to perform this action. The default value is the current user.This user must be present in the security group provided in the ClientSecurityGroup parameter in the Install-NetworkController cmdlet.
| Type: | PSCredential |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Etag
Specifies the entity tag (ETag) parameter of the resource. An ETag (entity tag) is an HTTP response header returned by an HTTP-compliant web server used to determine change in the content of a resource at a given URL. The value of the header is an opaque string representing the state of the resource at the time the response was generated.
| Type: | string |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Force
Forces the command to run without asking for user confirmation.
| Type: | switch |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Properties
Specifies the properties of an ACL rule
- Protocol
- Source port range
- Destination port range
- Action (Allow/Deny)
- Source Address prefix
- Destination address prefix
- Priority
- Type of rule (inbound/outbound)
- Whether logging is enabled or disabled
| Type: | AclRuleProperties |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResourceId
Specifies the ID of the ACL resource
| Type: | string |
| Position: | Named |
| Default value: | None |
| Required: | True |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-ResourceMetadata
This parameter contains metadata information for the client, such as the tenant ID, group ID, and resource name.
| Type: | ResourceMetadata |
| Position: | Named |
| Default value: | None |
| Required: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Following properties can be provided for each ACL rule:
- Name
- Protocol
- Source port range
- Destination port range
- Action (Allow/Deny)
- Source Address prefix
- Destination address prefix
- Priority
- Type of rule (inbound/outbound)
- Whether logging is enabled or disabled