New-NetworkControllerAccessControlList
This cmdlet creates a new access control list for allowing/denying traffic to/from a particular subnet or network interface
Syntax
New-NetworkControllerAccessControlList
[-ResourceId] <String>
[[-Tags] <PSObject>]
[-Properties] <AccessControlListProperties>
[[-Etag] <String>]
[[-ResourceMetadata] <ResourceMetadata>]
[-Force]
-ConnectionUri <Uri>
[-CertificateThumbprint <String>]
[-Credential <PSCredential>]
[-PassInnerException]
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The New-NetworkControllerAccessControlList cmdlet creates a new access control list for allowing/denying traffic to/from a particular subnet or network interface. Each access control list can contain multiple rules.
Examples
Example 1
This example creates an access control list with two rules. The first rule allows all inbound network traffic. The second rule allows all outbound network traffic.
# Rule 1: allow all inbound traffic (any protocol, port and address) with logging enabled.
$ruleproperties = New-Object Microsoft.Windows.NetworkController.AclRuleProperties
$ruleproperties.Protocol = "All"
$ruleproperties.SourcePortRange = "0-65535"
$ruleproperties.DestinationPortRange = "0-65535"
$ruleproperties.Action = "Allow"
$ruleproperties.SourceAddressPrefix = "*"
$ruleproperties.DestinationAddressPrefix = "*"
$ruleproperties.Priority = "100"
$ruleproperties.Type = "Inbound"
$ruleproperties.Logging = "Enabled"
$aclrule1 = New-Object Microsoft.Windows.NetworkController.AclRule
$aclrule1.Properties = $ruleproperties
$aclrule1.ResourceId = "AllowAll_Inbound"

# Rule 2: allow all outbound traffic. A fresh properties object is created so rule 1 keeps its own settings.
$ruleproperties = New-Object Microsoft.Windows.NetworkController.AclRuleProperties
$ruleproperties.Protocol = "All"
$ruleproperties.SourcePortRange = "0-65535"
$ruleproperties.DestinationPortRange = "0-65535"
$ruleproperties.Action = "Allow"
$ruleproperties.SourceAddressPrefix = "*"
$ruleproperties.DestinationAddressPrefix = "*"
$ruleproperties.Priority = "110"
$ruleproperties.Type = "Outbound"
$ruleproperties.Logging = "Enabled"
$aclrule2 = New-Object Microsoft.Windows.NetworkController.AclRule
$aclrule2.Properties = $ruleproperties
$aclrule2.ResourceId = "AllowAll_Outbound"

# Wrap both rules in an AccessControlListProperties object and create the ACL on the Network Controller.
$acllistproperties = New-Object Microsoft.Windows.NetworkController.AccessControlListProperties
$acllistproperties.AclRules = @($aclrule1, $aclrule2)
New-NetworkControllerAccessControlList -ResourceId "AllowAll" -Properties $acllistproperties -ConnectionUri <NC REST FQDN>
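The page's example permits everything; the more common production shape is a default-deny ACL with a narrow allow in front of it. The following is an added example (not from the original page or Microsoft's documentation) that builds such an ACL with the same object types and the rule properties listed under -Properties. The management prefix 10.0.1.0/24, the rule and ACL names, and the $ncUri value are placeholders to replace with your own.

```powershell
# Added example: default-deny ACL that admits only inbound TCP 443 from a management
# prefix and logs everything else it drops. Values below are placeholders.
$ncUri = "https://<NC REST FQDN>"

# Helper that builds one AclRule so each rule's properties are set in one place.
function New-AclRule {
    param(
        [string]$ResourceId,
        [ValidateSet("Allow", "Deny")] [string]$Action,
        [ValidateSet("Inbound", "Outbound")] [string]$Type,
        [int]$Priority,
        [string]$Protocol = "All",
        [string]$SourceAddressPrefix = "*",
        [string]$SourcePortRange = "0-65535",
        [string]$DestinationAddressPrefix = "*",
        [string]$DestinationPortRange = "0-65535",
        [ValidateSet("Enabled", "Disabled")] [string]$Logging = "Enabled"
    )
    $p = New-Object Microsoft.Windows.NetworkController.AclRuleProperties
    $p.Protocol = $Protocol
    $p.SourceAddressPrefix = $SourceAddressPrefix
    $p.SourcePortRange = $SourcePortRange
    $p.DestinationAddressPrefix = $DestinationAddressPrefix
    $p.DestinationPortRange = $DestinationPortRange
    $p.Action = $Action
    $p.Priority = [string]$Priority
    $p.Type = $Type
    $p.Logging = $Logging
    $rule = New-Object Microsoft.Windows.NetworkController.AclRule
    $rule.ResourceId = $ResourceId
    $rule.Properties = $p
    return $rule
}

# Lower priority numbers are evaluated first, so the specific allow sits ahead of the catch-all deny.
# Outbound is denied here as well; add outbound allows as the workload requires.
$rules = @(
    (New-AclRule -ResourceId "Allow_Mgmt_HTTPS_In" -Action Allow -Type Inbound -Priority 100 `
        -Protocol "TCP" -SourceAddressPrefix "10.0.1.0/24" -DestinationPortRange "443")
    (New-AclRule -ResourceId "Deny_All_In"  -Action Deny -Type Inbound  -Priority 4000)
    (New-AclRule -ResourceId "Deny_All_Out" -Action Deny -Type Outbound -Priority 4000)
)

$aclProps = New-Object Microsoft.Windows.NetworkController.AccessControlListProperties
$aclProps.AclRules = $rules

# -Force suppresses the confirmation prompt; omit it (or add -WhatIf) to review the change first.
New-NetworkControllerAccessControlList -ResourceId "MgmtHttpsOnly" -Properties $aclProps `
    -ConnectionUri $ncUri -Force
```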
Parameters
-CertificateThumbprint
Specifies the certificate thumbprint of a digital public key X.509 certificate of a user account that has permission to perform this action. In order for Network Controller to authorize the account, specify this thumbprint by using the ClientCertificateThumbprint parameter of the Install-NetworkController or Set-NetworkController cmdlet.
Type: String
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: SwitchParameter
Aliases: cf
Position: Named
Default value: False
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-ConnectionUri
Specifies the Uniform Resource Identifier (URI) of the Network Controller that all Representational State Transfer (REST) clients use to connect to that controller.
Type: Uri
Position: Named
Default value: None
Required: True
Accept pipeline input: False
Accept wildcard characters: False
-Credential
Specifies a user credential that has permission to perform this action. The default value is the current user. This user must be a member of the security group specified by the ClientSecurityGroup parameter of the Install-NetworkController cmdlet.
Type: PSCredential
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-Etag
Specifies the entity tag (ETag) of the resource. An ETag is an HTTP response header returned by an HTTP-compliant web server. An ETag is used to determine change in the content of a resource at a given URL. The value of the header is an opaque string representing the state of the resource at the time the response was generated.
Type: String
Position: 5
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-Force
Forces the command to run without asking for user confirmation.
Type: SwitchParameter
Position: 7
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-PassInnerException
This thumbprint must also be provided in the ClientCertificateThumbprint parameter in the Install-NetworkController or Set-NetworkController cmdlet so that Network Controller can authorize this user.
The thumbprint must be provided only if the network controller client authentication is X509 certificates. Get-NetworkController retrieves that client authentication and authorization information.
Type: SwitchParameter
Position: Named
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-Properties
Specifies the properties of an access control list. Each ACL consists of rules, with each rule having the following properties:
- Name
- Protocol
- Source port range
- Destination port range
- Action (Allow/Deny)
- Source Address prefix
- Destination address prefix
- Priority
- Type of rule (inbound/outbound)
- Whether logging is enabled or disabled
Type: AccessControlListProperties
Position: 3
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False
-ResourceId
Specifies the unique identifier of the access control list.
Type: String
Position: 0
Default value: None
Required: True
Accept pipeline input: True
Accept wildcard characters: False
-ResourceMetadata
Specifies metadata information for the client, such as the tenant ID, group ID, and resource name.
Type: ResourceMetadata
Position: 6
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-Tags
Type: PSObject
Position: 1
Default value: None
Required: False
Accept pipeline input: False
Accept wildcard characters: False
-WhatIf
Shows what would happen if the cmdlet runs.
Type: SwitchParameter
Aliases: wi
Position: Named
Default value: False
Required: False
Accept pipeline input: False
Accept wildcard characters: False
Inputs
Microsoft.Windows.NetworkController.AccessControlListProperties
Each access control list contains multiple ACL rules. Each rule contains the following:
- Name
- Protocol
- Source port range
- Destination port range
- Action (Allow/Deny)
- Source Address prefix
- Destination address prefix
- Priority
- Type of rule (inbound/outbound)
- Whether logging is enabled or disabled