Network security group rules - az network nsg rule

Manage NSG rules.

Commands

az network nsg rule create    Create an NSG rule.
az network nsg rule delete    Delete an NSG rule.
az network nsg rule list      List all rules in an NSG.
az network nsg rule show      Show details of an NSG rule.
az network nsg rule update    Update an NSG rule.

az network nsg rule create

Create an NSG rule.

az network nsg rule create --name
--nsg-name
--priority
--resource-group
[--access {Allow, Deny}]
[--description]
[--destination-address-prefix]
[--destination-port-range]
[--direction {Inbound, Outbound}]
[--protocol {*, Tcp, Udp}]
[--source-address-prefix]
[--source-port-range]

Examples

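Create a basic "Allow" NSG rule with the highest priority (that is, 100). By default, the source address and source port are "*", the destination address is "*", and the destination port is 80. Combined with the default access (Allow) and direction (Inbound), this rule admits inbound traffic from any source to port 80.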

az network nsg rule create -g MyResourceGroup --nsg-name MyNsg -n MyNsgRule --priority 100

Create a "Deny" rule over TCP for a specific IP address range with the lowest priority (that is, 4096).

az network nsg rule create -g MyResourceGroup --nsg-name MyNsg -n MyNsgRule --priority 4096 --source-address-prefix 208.130.28.0/24 --source-port-range 80 --destination-address-prefix '*' --destination-port-range 80 --access Deny --protocol Tcp --description "Deny from specific IP address range on 80."

Required Parameters

--name -n

Name of the network security group rule.

--nsg-name

Name of the network security group.

--priority

Rule priority, between 100 (highest priority) and 4096 (lowest priority). Must be unique for each rule in the collection.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=.

Optional Parameters

--access

accepted values: Allow, Deny
default value: Allow

--description

Rule description.

--destination-address-prefix

CIDR prefix or IP range. Use '*' to match all IPs. Can also use 'VirtualNetwork', 'AzureLoadBalancer', and 'Internet'.

--destination-port-range

Port or port range between 0-65535. Use '*' to match all ports.

default value: 80

--direction

accepted values: Inbound, Outbound
default value: Inbound

--protocol

Network protocol this rule applies to.

accepted values: *, Tcp, Udp

--source-address-prefix

CIDR prefix or IP range. Use '*' to match all IPs. Can also use 'VirtualNetwork', 'AzureLoadBalancer', and 'Internet'.

--source-port-range

Port or port range between 0-65535. Use '*' to match all ports.

az network nsg rule delete

Delete an NSG rule.

az network nsg rule delete --name
--nsg-name
--resource-group

Required Parameters

--name -n

Name of the network security group rule.

--nsg-name

Name of the network security group.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=.

az network nsg rule list

List all rules in an NSG.

az network nsg rule list --nsg-name
--resource-group

Required Parameters

--nsg-name

Name of the network security group.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=.
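
An added example (not part of the Azure CLI documentation) of auditing this listing: NSG rules are evaluated in priority order and the first match wins, so an inbound Allow from any source at priority 100 takes effect before a Deny at 4096 on the same port. The rule names and sample rows are constructed, and the check compares only source prefix and destination port.

```shell
# Audit NSG rules: flag inbound Allow rules open to any source, and Deny rules
# that an earlier open Allow on the same port makes ineffective.
# Input: tab-separated rows in the column order produced by
#   az network nsg rule list -g MyResourceGroup --nsg-name MyNsg -o tsv \
#     --query "[].[name,priority,direction,access,sourceAddressPrefix,destinationPortRange]"
# Simplification: only source prefix and destination port are compared;
# protocol and destination address are assumed to overlap.
audit_nsg_rules() {
  # A lower priority number is evaluated first, so sort numerically on column 2.
  sort -t "$(printf '\t')" -k2,2n | awk -F '\t' '
    $3 != "Inbound" { next }
    $4 == "Allow" && ($5 == "*" || $5 == "Internet") {
      printf "OPEN\t%s\tpriority=%s\tport=%s\n", $1, $2, $6
      if (!($6 in opened)) opened[$6] = $1   # first rule to open this port
      next
    }
    $4 == "Deny" {
      by = ""
      if ($6 in opened) { by = opened[$6] } else if ("*" in opened) { by = opened["*"] }
      if (by != "") printf "SHADOWED\t%s\tpriority=%s\tby=%s\n", $1, $2, by
    }'
}

# Constructed sample rows (not real output), modelled on the two create
# examples above under distinct hypothetical names, plus a narrower SSH rule.
sample_rules() {
  printf 'DenyRange80\t4096\tInbound\tDeny\t208.130.28.0/24\t80\n'
  printf 'AllowWebDefault\t100\tInbound\tAllow\t*\t80\n'
  printf 'AllowSshFromVnet\t200\tInbound\tAllow\tVirtualNetwork\t22\n'
}

sample_rules | audit_nsg_rules
```

A SHADOWED row means the Deny needs a priority number lower than the Allow that precedes it, or the Allow needs a narrower source.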

az network nsg rule show

Show details of an NSG rule.

az network nsg rule show --name
--nsg-name
--resource-group

Required Parameters

--name -n

Name of the network security group rule.

--nsg-name

Name of the network security group.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=.

az network nsg rule update

Update an NSG rule.

az network nsg rule update --name
--nsg-name
--resource-group
[--access {Allow, Deny}]
[--add]
[--description]
[--destination-address-prefix]
[--destination-port-range]
[--direction {Inbound, Outbound}]
[--priority]
[--protocol {*, Tcp, Udp}]
[--remove]
[--set]
[--source-address-prefix]
[--source-port-range]

Examples

Update an NSG rule with a new wildcard destination address prefix.

az network nsg rule update -g MyResourceGroup --nsg-name MyNsg -n MyNsgRule --destination-address-prefix '*'

Required Parameters

--name -n

Name of the network security group rule.

--nsg-name

Name of the network security group.

--resource-group -g

Name of resource group. You can configure the default group using az configure --defaults group=.

Optional Parameters

--access

accepted values: Allow, Deny

--add

Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty .

--description

Rule description.

--destination-address-prefix

CIDR prefix or IP range. Use '*' to match all IPs. Can also use 'VirtualNetwork', 'AzureLoadBalancer', and 'Internet'.

--destination-port-range

Port or port range between 0-65535. Use '*' to match all ports.

--direction

accepted values: Inbound, Outbound

--priority

Rule priority, between 100 (highest priority) and 4096 (lowest priority). Must be unique for each rule in the collection.

--protocol

Network protocol this rule applies to.

accepted values: *, Tcp, Udp

--remove

Remove a property or an element from a list. Example: --remove property.list OR --remove propertyToRemove.

--set

Update an object by specifying a property path and value to set. Example: --set property1.property2=.

--source-address-prefix

CIDR prefix or IP range. Use '*' to match all IPs. Can also use 'VirtualNetwork', 'AzureLoadBalancer', and 'Internet'.

--source-port-range

Port or port range between 0-65535. Use '*' to match all ports.