New-NetworkControllerAccessControlList

This cmdlet creates a new access control list for allowing/denying traffic to/from a particular subnet or network interface

Syntax

New-NetworkControllerAccessControlList
   [-ResourceId] <String>
   [[-Tags] <PSObject>]
   [-Properties] <AccessControlListProperties>
   [[-Etag] <String>]
   [[-ResourceMetadata] <ResourceMetadata>]
   [-Force]
   [-CertificateThumbprint <String>]
   [-Confirm]
   -ConnectionUri <Uri>
   [-Credential <PSCredential>]
   [-PassInnerException]
   [-WhatIf]
   [<CommonParameters>]

Description

The New-NetworkControllerAccessControlList cmdlet creates a new access control list for allowing/denying traffic to/from a particular subnet or network interface. Each access control list can contain multiple rules.

Examples

Example 1

This example creates an access control list with two rules. The first rule allows all inbound network traffic. The second rule allows all outbound network traffic.

$ruleproperties = New-Object Microsoft.Windows.NetworkController.AclRuleProperties
$ruleproperties.Protocol = "All"
$ruleproperties.SourcePortRange = "0-65535"
$ruleproperties.DestinationPortRange = "0-65535"
$ruleproperties.Action = "Allow"
$ruleproperties.SourceAddressPrefix = "*"
$ruleproperties.DestinationAddressPrefix = "*"
$ruleproperties.Priority = "100"
$ruleproperties.Type = "Inbound"
$ruleproperties.Logging = "Enabled"
$aclrule1 = New-Object Microsoft.Windows.NetworkController.AclRule
$aclrule1.Properties = $ruleproperties
$aclrule1.ResourceId = "AllowAll_Inbound"
$ruleproperties = New-Object Microsoft.Windows.NetworkController.AclRuleProperties
$ruleproperties.Protocol = "All"
$ruleproperties.SourcePortRange = "0-65535"
$ruleproperties.DestinationPortRange = "0-65535"
$ruleproperties.Action = "Allow"
$ruleproperties.SourceAddressPrefix = "*"
$ruleproperties.DestinationAddressPrefix = "*"
$ruleproperties.Priority = "110"
$ruleproperties.Type = "Outbound"
$ruleproperties.Logging = "Enabled"
$aclrule2 = New-Object Microsoft.Windows.NetworkController.AclRule
$aclrule2.Properties = $ruleproperties
$aclrule2.ResourceId = "AllowAll_Outbound"
$acllistproperties = New-Object Microsoft.Windows.NetworkController.AccessControlListProperties
$acllistproperties.AclRules = @($aclrule1, $aclrule2)
New-NetworkControllerAccessControlList -ResourceId "AllowAll" -Properties $acllistproperties -ConnectionUri <NC REST FQDN>
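Example 1 permits all traffic, which is rarely what a production workload needs. The following is an added example (not from this page) that builds a deny-by-default inbound ACL with the same AclRule and AclRuleProperties objects: one logged allow for TCP/443 from a constructed management prefix, a logged inbound Deny catch-all, and an outbound allow. It assumes "Tcp" is an accepted Protocol value, that the lower Priority number is evaluated first, and that $ncUri is a placeholder for your NC REST FQDN; New-AclRule is a helper defined here, not a Network Controller cmdlet.

```powershell
# Placeholder: replace with the Network Controller REST FQDN for your deployment
$ncUri = "https://nc.example.invalid"

# Helper (defined here, not part of the NetworkController module) that fills an
# AclRuleProperties object and wraps it in an AclRule, with logging always on
function New-AclRule {
    param(
        [string]$ResourceId, [string]$Protocol, [string]$SourcePrefix,
        [string]$DestinationPrefix, [string]$SourcePorts, [string]$DestinationPorts,
        [string]$Action, [int]$Priority, [string]$Type
    )
    $p = New-Object Microsoft.Windows.NetworkController.AclRuleProperties
    $p.Protocol = $Protocol
    $p.SourceAddressPrefix = $SourcePrefix
    $p.DestinationAddressPrefix = $DestinationPrefix
    $p.SourcePortRange = $SourcePorts
    $p.DestinationPortRange = $DestinationPorts
    $p.Action = $Action
    $p.Priority = "$Priority"
    $p.Type = $Type
    $p.Logging = "Enabled"   # log every match so Deny hits are visible to the SOC
    $rule = New-Object Microsoft.Windows.NetworkController.AclRule
    $rule.ResourceId = $ResourceId
    $rule.Properties = $p
    return $rule
}

$rules = @(
    # Constructed management subnet may reach TCP/443 on the protected workload
    New-AclRule -ResourceId "Allow_Mgmt_HTTPS_In" -Protocol "Tcp" `
        -SourcePrefix "10.10.0.0/24" -DestinationPrefix "*" -SourcePorts "0-65535" `
        -DestinationPorts "443" -Action "Allow" -Priority 100 -Type "Inbound"
    # Catch-all inbound Deny with a larger (lower-precedence) priority value
    New-AclRule -ResourceId "Deny_All_In" -Protocol "All" `
        -SourcePrefix "*" -DestinationPrefix "*" -SourcePorts "0-65535" `
        -DestinationPorts "0-65535" -Action "Deny" -Priority 4000 -Type "Inbound"
    New-AclRule -ResourceId "Allow_All_Out" -Protocol "All" `
        -SourcePrefix "*" -DestinationPrefix "*" -SourcePorts "0-65535" `
        -DestinationPorts "0-65535" -Action "Allow" -Priority 110 -Type "Outbound"
)

# Guard: refuse to push an ACL that lacks an inbound Deny catch-all
$catchAll = $rules | Where-Object { $_.Properties.Type -eq "Inbound" -and
    $_.Properties.Action -eq "Deny" -and $_.Properties.SourceAddressPrefix -eq "*" }
if (-not $catchAll) { throw "ACL has no inbound Deny catch-all; not creating it" }

$aclProps = New-Object Microsoft.Windows.NetworkController.AccessControlListProperties
$aclProps.AclRules = $rules
# -WhatIf previews the change; remove it to create the resource
New-NetworkControllerAccessControlList -ResourceId "Workload_DenyByDefault" `
    -Properties $aclProps -ConnectionUri $ncUri -WhatIf
```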

Required Parameters

-ConnectionUri

Specifies the Uniform Resource Identifier (URI) of the Network Controller that all Representational State Transfer (REST) clients use to connect to that controller.

Type: Uri
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Properties

Specifies the properties of an access control list. Each ACL consists of rules, with each rule having the following properties:

  1. Name
  2. Protocol
  3. Source port range
  4. Destination port range
  5. Action (Allow/Deny)
  6. Source Address prefix
  7. Destination address prefix
  8. Priority
  9. Type of rule (inbound/outbound)
  10. Whether logging is enabled or disabled

Type: AccessControlListProperties
Position: 3
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

-ResourceId

Specifies the unique identifier of the Access Control list.

Type: String
Position: 0
Default value: None
Accept pipeline input: True (ByPropertyName)
Accept wildcard characters: False

Optional Parameters

-CertificateThumbprint

Specifies the certificate thumbprint of a digital public key X.509 certificate of a user account that has permission to perform this action. In order for Network Controller to authorize the account, specify this thumbprint by using the ClientCertificateThumbprint parameter of the Install-NetworkController or Set-NetworkController cmdlet.

Type: String
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Confirm

Prompts you for confirmation before running the cmdlet.

Type: SwitchParameter
Aliases: cf
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

-Credential

Specifies a user credential that has permission to perform this action. The default value is the current user. This user must be a member of the security group specified by the ClientSecurityGroup parameter of the Install-NetworkController cmdlet.

Type: PSCredential
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Etag

Specifies the entity tag (ETag) of the resource. An ETag is an HTTP response header returned by an HTTP-compliant web server. An ETag is used to detect changes in the content of a resource at a given URL. The value of the header is an opaque string representing the state of the resource at the time the response was generated.

Type: String
Position: 5
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Force

Forces the command to run without asking for user confirmation.

Type: SwitchParameter
Position: 7
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-PassInnerException

Type: SwitchParameter
Position: Named
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-ResourceMetadata

Specifies metadata information for the client, such as the tenant ID, group ID, and resource name.

Type: ResourceMetadata
Position: 6
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-Tags

Type: PSObject
Position: 1
Default value: None
Accept pipeline input: False
Accept wildcard characters: False

-WhatIf

Shows what would happen if the cmdlet runs.

Type: SwitchParameter
Aliases: wi
Position: Named
Default value: False
Accept pipeline input: False
Accept wildcard characters: False

Inputs

Each access control list contains multiple ACL rules. Each rule contains the following:

  1. Name
  2. Protocol
  3. Source port range
  4. Destination port range
  5. Action (Allow/Deny)
  6. Source Address prefix
  7. Destination address prefix
  8. Priority
  9. Type of rule (inbound/outbound)
  10. Whether logging is enabled or disabled