az network nsg rule
Manage network security group rules.
Commands
az network nsg rule create | Create a network security group rule.
az network nsg rule delete | Delete a network security group rule.
az network nsg rule list   | List all rules in a network security group.
az network nsg rule show   | Get the details of a network security group rule.
az network nsg rule update | Update a network security group rule.
az network nsg rule create
Create a network security group rule.
az network nsg rule create --name
                           --nsg-name
                           --priority
                           --resource-group
                           [--access {Allow, Deny}]
                           [--description]
                           [--destination-address-prefixes]
                           [--destination-asgs]
                           [--destination-port-ranges]
                           [--direction {Inbound, Outbound}]
                           [--protocol {*, Tcp, Udp}]
                           [--source-address-prefixes]
                           [--source-asgs]
                           [--source-port-ranges]
Examples
Create a basic "Allow" NSG rule with the highest priority.
az network nsg rule create -g MyResourceGroup --nsg-name MyNsg -n MyNsgRule --priority 100
Create a "Deny" rule over TCP for a specific IP address range with the lowest priority.
az network nsg rule create -g MyResourceGroup --nsg-name MyNsg -n MyNsgRule --priority 4096 \
    --source-address-prefixes 208.130.28.0/24 --source-port-ranges 80 \
    --destination-address-prefixes '*' --destination-port-ranges 80 8080 --access Deny \
    --protocol Tcp --description "Deny from specific IP address ranges on 80 and 8080."
Create a security rule using service tags. For more details visit https://aka.ms/servicetags
az network nsg rule create -g MyResourceGroup --nsg-name MyNsg -n MyNsgRuleWithTags \
    --priority 400 --source-address-prefixes VirtualNetwork --destination-address-prefixes Storage \
    --destination-port-ranges '*' --direction Outbound --access Allow --protocol Tcp \
    --description "Allow VirtualNetwork to Storage."
Create a security rule using application security groups. For more details visit https://aka.ms/applicationsecuritygroups
az network nsg rule create -g MyResourceGroup --nsg-name MyNsg -n MyNsgRuleWithAsg \
    --priority 500 --source-address-prefixes Internet --destination-port-ranges 80 8080 \
    --destination-asgs Web --access Allow --protocol Tcp \
    --description "Allow Internet to Web ASG on ports 80,8080."
Required Parameters
--name: Name of the network security group rule.
--nsg-name: Name of the network security group.
--priority: Rule priority, between 100 (highest priority) and 4096 (lowest priority). Must be unique for each rule in the collection.
--resource-group: Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
--description: Rule description.
--destination-address-prefixes: Space-separated list of CIDR prefixes or IP ranges. Alternatively, specify ONE of 'VirtualNetwork', 'AzureLoadBalancer', 'Internet' or '*' to match all IPs.
--destination-asgs: Space-separated list of application security group names or IDs.
--destination-port-ranges: Space-separated list of ports or port ranges between 0-65535. Use '*' to match all ports.
--protocol: Network protocol this rule applies to.
--source-address-prefixes: Space-separated list of CIDR prefixes or IP ranges. Alternatively, specify ONE of 'VirtualNetwork', 'AzureLoadBalancer', 'Internet' or '*' to match all IPs.
--source-asgs: Space-separated list of application security group names or IDs.
--source-port-ranges: Space-separated list of ports or port ranges between 0-65535. Use '*' to match all ports.
az network nsg rule delete
Delete a network security group rule.
az network nsg rule delete --name
                           --nsg-name
                           --resource-group
Examples
Delete a network security group rule.
az network nsg rule delete -g MyResourceGroup --nsg-name MyNsg -n MyNsgRule
Required Parameters
--name: Name of the network security group rule.
--nsg-name: Name of the network security group.
--resource-group: Name of resource group. You can configure the default group using az configure --defaults group=<name>.
az network nsg rule list
List all rules in a network security group.
az network nsg rule list --nsg-name
                         --resource-group
Examples
List all rules in a network security group.
az network nsg rule list -g MyResourceGroup --nsg-name MyNsg
Required Parameters
--nsg-name: Name of the network security group.
--resource-group: Name of resource group. You can configure the default group using az configure --defaults group=<name>.
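The listing is the natural input for a rule audit. The script below is an added example, not part of the Azure CLI reference: it flags inbound Allow rules open to any source and resolves which rule decides for a port, using the priority ordering described under create (lowest number wins). The function names and sample rows are constructed, and it assumes each rule carries a single source prefix and a single destination port or range.

```shell
#!/bin/sh
# Added example: audit NSG rules exported as TSV (constructed sample below).
# Live input would come from:
#   az network nsg rule list -g MyResourceGroup --nsg-name MyNsg -o tsv --query \
#     "[].[name,priority,direction,access,protocol,sourceAddressPrefix,destinationPortRange]"
TAB=$(printf '\t')

# Constructed sample rows: name, priority, direction, access, protocol, source, port.
sample_rules() {
  printf '%s\t%s\t%s\t%s\t%s\t%s\t%s\n' \
    DenyWebLate 4096 Inbound  Deny  Tcp '*'            80 \
    AllowWeb    100  Inbound  Allow Tcp Internet       80 \
    AllowSshAny 300  Inbound  Allow Tcp '*'            22 \
    DenySsh     200  Inbound  Deny  Tcp Internet       22 \
    AllowMgmt   400  Inbound  Allow Tcp 10.0.0.0/8     3389 \
    AllowOut    500  Outbound Allow Tcp VirtualNetwork '*'
}

# Names of inbound Allow rules whose source is any address, in priority order.
open_inbound_allows() {
  sort -t "$TAB" -k2,2n | awk -F '\t' '
    $3 == "Inbound" && $4 == "Allow" &&
    ($6 == "*" || $6 == "Internet" || $6 == "0.0.0.0/0") { print $1 }'
}

# First matching rule wins: the lowest priority number decides for Internet traffic.
# Usage: effective_access PORT PROTOCOL -> "Allow:<rule>", "Deny:<rule>" or "NoMatch"
effective_access() {
  sort -t "$TAB" -k2,2n | awk -F '\t' -v port="$1" -v proto="$2" '
    function covers(spec, p,   r) {
      if (spec == "*") return 1
      if (split(spec, r, "-") == 2) return (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0)
      return spec + 0 == p + 0
    }
    $3 == "Inbound" && ($5 == "*" || $5 == proto) &&
    ($6 == "*" || $6 == "Internet" || $6 == "0.0.0.0/0") && covers($7, port) {
      print $4 ":" $1; found = 1; exit
    }
    END { if (!found) print "NoMatch" }'
}

# Stand-alone demonstration on the constructed rows.
sample_rules | open_inbound_allows
sample_rules | effective_access 80 Tcp
sample_rules | effective_access 22 Tcp
```

In the sample, DenyWebLate at priority 4096 never takes effect on port 80 because AllowWeb at priority 100 matches first, while DenySsh at 200 overrides the broader AllowSshAny at 300.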
az network nsg rule show
Get the details of a network security group rule.
az network nsg rule show --name
                         --nsg-name
                         --resource-group
Examples
Get the details of a network security group rule.
az network nsg rule show -g MyResourceGroup --nsg-name MyNsg -n MyNsgRule
Required Parameters
--name: Name of the network security group rule.
--nsg-name: Name of the network security group.
--resource-group: Name of resource group. You can configure the default group using az configure --defaults group=<name>.
az network nsg rule update
Update a network security group rule.
az network nsg rule update --name
                           --nsg-name
                           --resource-group
                           [--access {Allow, Deny}]
                           [--add]
                           [--description]
                           [--destination-address-prefixes]
                           [--destination-asgs]
                           [--destination-port-ranges]
                           [--direction {Inbound, Outbound}]
                           [--priority]
                           [--protocol {*, Tcp, Udp}]
                           [--remove]
                           [--set]
                           [--source-address-prefixes]
                           [--source-asgs]
                           [--source-port-ranges]
Examples
Update an NSG rule with a new wildcard destination address prefix.
az network nsg rule update -g MyResourceGroup --nsg-name MyNsg -n MyNsgRule --destination-address-prefixes '*'
Required Parameters
--name: Name of the network security group rule.
--nsg-name: Name of the network security group.
--resource-group: Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
--add: Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
--description: Rule description.
--destination-address-prefixes: Space-separated list of CIDR prefixes or IP ranges. Alternatively, specify ONE of 'VirtualNetwork', 'AzureLoadBalancer', 'Internet' or '*' to match all IPs.
--destination-asgs: Space-separated list of application security group names or IDs.
--destination-port-ranges: Space-separated list of ports or port ranges between 0-65535. Use '*' to match all ports.
--priority: Rule priority, between 100 (highest priority) and 4096 (lowest priority). Must be unique for each rule in the collection.
--protocol: Network protocol this rule applies to.
--remove: Remove a property or an element from a list. Example: --remove property.list
--set: Update an object by specifying a property path and value to set. Example: --set property1.property2=
--source-address-prefixes: Space-separated list of CIDR prefixes or IP ranges. Alternatively, specify ONE of 'VirtualNetwork', 'AzureLoadBalancer', 'Internet' or '*' to match all IPs.
--source-asgs: Space-separated list of application security group names or IDs.
--source-port-ranges: Space-separated list of ports or port ranges between 0-65535. Use '*' to match all ports.