Add-VMNetworkAdapterAcl
Add-VMNetworkAdapterAcl
Creates an ACL to apply to the traffic through a virtual machine network adapter.
Syntax
Parameter Set: VMName
Add-VMNetworkAdapterAcl [-VMName] <String[]> -Action <VMNetworkAdapterAclAction> -Direction <VMNetworkAdapterAclDirection> [-ComputerName <String[]> ] [-LocalIPAddress <String[]> ] [-LocalMacAddress <String[]> ] [-Passthru] [-RemoteIPAddress <String[]> ] [-RemoteMacAddress <String[]> ] [-VMNetworkAdapterName <String> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: ManagementOS
Add-VMNetworkAdapterAcl -Action <VMNetworkAdapterAclAction> -Direction <VMNetworkAdapterAclDirection> -ManagementOS [-ComputerName <String[]> ] [-LocalIPAddress <String[]> ] [-LocalMacAddress <String[]> ] [-Passthru] [-RemoteIPAddress <String[]> ] [-RemoteMacAddress <String[]> ] [-VMNetworkAdapterName <String> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: ResourceObject
Add-VMNetworkAdapterAcl [-VMNetworkAdapter] <VMNetworkAdapterBase[]> -Action <VMNetworkAdapterAclAction> -Direction <VMNetworkAdapterAclDirection> [-LocalIPAddress <String[]> ] [-LocalMacAddress <String[]> ] [-Passthru] [-RemoteIPAddress <String[]> ] [-RemoteMacAddress <String[]> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Parameter Set: VMObject
Add-VMNetworkAdapterAcl [-VM] <VirtualMachine[]> -Action <VMNetworkAdapterAclAction> -Direction <VMNetworkAdapterAclDirection> [-LocalIPAddress <String[]> ] [-LocalMacAddress <String[]> ] [-Passthru] [-RemoteIPAddress <String[]> ] [-RemoteMacAddress <String[]> ] [-VMNetworkAdapterName <String> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Detailed Description
The Add-VMNetworkAdapterAcl cmdlet creates an ACL to apply to the traffic through a virtual machine network adapter. When a virtual network adapter is created there is no ACL on it. Given a list of IP-based ACL entries to be applied to traffic in the same direction, the longest match rule decides which one of the entries is most appropriate to apply to a specific packet.
Parameters
-Action<VMNetworkAdapterAclAction>
Specifies the action for the ACL. Allowed values are Allow, Deny, and Meter. A metering ACL must be IP-based, i.e. either -RemoteIPAddress or -LocalIPAddress must be specified.
Aliases |
none |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-ComputerName<String[]>
Specifies one or more Hyper-V hosts on which the ACL is to be created. NetBIOS names, IP addresses, and fully-qualified domain names are allowable. The default is the local computer — use “localhost” or a dot (“.”) to specify the local computer explicitly.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-Direction<VMNetworkAdapterAclDirection>
Specifies the direction of the network traffic to which the ACL is to apply. Allowed values are Inbound, Outbound, or Both. . If Both is specified, the new ACL entry is added to both the inbound direction and the outbound direction. In the output of Get-VMNetworkAdapterAcl, the ACL entry appears in both the inbound ACL list and the outbound ACL list.
Aliases |
none |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-LocalIPAddress<String[]>
Specifies the local IP address to which the ACL is to apply. For an inbound packet, this is the destination IP address in the packet header; for an outbound packet, this is the source IP address in the packet header. It can be either IPv4 or IPv6 address. It can be either a host address or a subnet address, e.g. 1.2.3.4, 2001::2008, 192.168.1.0/24, or f001:f002:f003:f004::1/64. The IP address can also be a wildcard, 0.0.0.0/0 for all IPv4 addresses, ::/0 for all IPv6 addresses, or ANY for all IPv4 and IPv6 addresses.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-LocalMacAddress<String[]>
Specifies the local MAC address to which the ACL is to apply. For an inbound packet, this is the destination MAC address in the packet header; for an outbound packet, this is the source MAC address in the packet header. It can be a host MAC address, e.g. 00-ab-00-11-22-33, or a wildcard, ANY, for all MAC addresses.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-ManagementOS
Specifies that the ACL is to be applied in the management (i.e. the parent, or host) operating system.
Aliases |
none |
Required? |
true |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-Passthru
Specifies that an object is to be passed through to the pipeline representing the ACL to be added.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-RemoteIPAddress<String[]>
Specifies the remote IP address to which this ACL is to apply. For an inbound packet, this is the source IP address in the packet header; for an outbound packet, this is the destination IP address in the packet header. It can be either IPv4 or IPv6 address. It can be either a host address or a subnet address, e.g. 1.2.3.4, 2001::2008, 192.168.1.0/24, or f001:f002:f003:f004::1/64.the IP address can also be a wildcard, 0.0.0.0/0 for all IPv4 addresses, ::/0 for all IPv6 addresses, or ANY for all IPv4 and IPv6 addresses.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-RemoteMacAddress<String[]>
Specifies the remote MAC address to which this ACL is to apply. For an inbound packet, this is the source MAC address in the packet header; for an outbound packet, this is the destination MAC address in the packet header. It can be a host MAC address, e.g. 00-ab-00-11-22-33, or a wildcard, ANY, for all MAC addresses.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-VM<VirtualMachine[]>
Specifies the virtual machine on which the ACL is to apply.
Aliases |
none |
Required? |
true |
Position? |
1 |
Default Value |
none |
Accept Pipeline Input? |
True (ByValue) |
Accept Wildcard Characters? |
false |
-VMName<String[]>
Specifies the name of the virtual machine on which the ACL is to apply.
Aliases |
none |
Required? |
true |
Position? |
1 |
Default Value |
none |
Accept Pipeline Input? |
True (ByValue) |
Accept Wildcard Characters? |
false |
-VMNetworkAdapter<VMNetworkAdapterBase[]>
Specifies the virtual machine network adapter to which the ACL is to apply.
Aliases |
none |
Required? |
true |
Position? |
1 |
Default Value |
none |
Accept Pipeline Input? |
True (ByValue) |
Accept Wildcard Characters? |
false |
-VMNetworkAdapterName<String>
Specifies the name of the virtual machine network adapter to which the ACL is to apply.
Aliases |
none |
Required? |
false |
Position? |
named |
Default Value |
none |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-Confirm
Prompts you for confirmation before running the cmdlet.
Required? |
false |
Position? |
named |
Default Value |
false |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Required? |
false |
Position? |
named |
Default Value |
false |
Accept Pipeline Input? |
false |
Accept Wildcard Characters? |
false |
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/p/?LinkID=113216).
Inputs
The input type is the type of the objects that you can pipe to the cmdlet.
Outputs
The output type is the type of the objects that the cmdlet emits.
- None by default; Microsoft.Virtualization.Powershell.VMNetworkAdapterAclSetting if –PassThru is specified.
Examples
Example 1
This example adds an ACL to allow virtual machine Redmond to send to and receive from traffic on IP subnet 10.0.0.8/8.
PS C:\> Add-VMNetworkAdapterAcl –VMName Redmond –RemoteIPAddress 10.0.0.0/8 –Direction Both –Action Allow
Example 2
This example adds an ACL to deny virtual machine Redmond to send either IPv4 or IPv6 traffic to anywhere and receive such traffic from anywhere.
PS C:\> Add-VMNetworkAdapterAcl –VMName Redmond –RemoteIPAddress ANY –Direction Both –Action Deny
Example 3
This example gets virtual machine Redmond and adds an ACL to deny it to send any traffic to a device with MAC address 03-0f-01-0e-aa-b2 or to receive any traffic from that device.
PS C:\> Get-VM Redmond | Add-VMNetworkAdapterAcl -RemoteMacAddress 03-0f-01-0e-aa-b2 -Direction Both -Action Deny
Example 4
This example gets virtual network adapters from virtual machine Redmond and adds an ACL to meter outgoing traffic sent to IP subnet 192.168.0.0/16.
PS C:\> Get-VMNetworkAdapter -VMName Redmond | Add-VMNetworkAdapterAcl -RemoteIPAddress 192.168.0.0/16 -Direction Outbound -Action Meter