windowsFirewallRule 资源类型windowsFirewallRule resource type

命名空间:microsoft.graphNamespace: microsoft.graph

重要说明: /Beta 版本下的 Microsoft Graph Api 可能会发生更改;不支持生产使用。Important: Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

注意: 适用于 Intune 的 Microsoft Graph API 需要适用于租户的 活动 Intune 许可证Note: The Microsoft Graph API for Intune requires an active Intune license for the tenant.

通过 Windows 防火墙控制流量的规则。A rule controlling traffic through the Windows Firewall.

属性Properties

属性Property 类型Type 说明Description
displayNamedisplayName StringString 规则的显示名称。The display name of the rule. 不需要是唯一的。Does not need to be unique.
descriptiondescription StringString 规则的说明。The description of the rule.
packageFamilyNamepackageFamilyName StringString 受防火墙规则影响的 Microsoft Store 应用程序的程序包系列名称。The package family name of a Microsoft Store application that's affected by the firewall rule.
路径filePath StringString 受防火墙规则影响的应用程序的完整文件路径。The full file path of an app that's affected by the firewall rule.
serviceNameserviceName StringString 当服务(而不是应用程序)发送或接收通信时使用的名称。The name used in cases when a service, not an application, is sending or receiving traffic.
协议protocol Int32Int32 0-255 表示 IP 协议 (TCP = 6,UDP = 17) 的数字。0-255 number representing the IP protocol (TCP = 6, UDP = 17). 如果未指定,则默认值为 All。If not specified, the default is All. 有效值为0至255Valid values 0 to 255
localPortRangeslocalPortRanges String 集合String collection 本地端口范围的列表。List of local port ranges. 例如,"100-120","200","300-320"。For example, "100-120", "200", "300-320". 如果未指定,则默认值为 All。If not specified, the default is All.
remotePortRangesremotePortRanges String 集合String collection 远程端口范围的列表。List of remote port ranges. 例如,"100-120","200","300-320"。For example, "100-120", "200", "300-320". 如果未指定,则默认值为 All。If not specified, the default is All.
localAddressRangeslocalAddressRanges String 集合String collection 规则所涵盖的本地地址的列表。List of local addresses covered by the rule. 默认值为任意地址。Default is any address. 有效令牌包括:Valid tokens include:
  • "*" 表示任何本地地址。"*" indicates any local address. 如果存在此标记,则必须是包含的唯一标记。If present, this must be the only token included.
  • 可以使用子网掩码或网络前缀表示法指定子网。A subnet can be specified using either the subnet mask or network prefix notation. 如果不指定子网掩码和网络前缀,则子网掩码默认为255.255.255.255。If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255.
  • 有效的 IPv6 地址。A valid IPv6 address.
  • 不包含空格的 IPv4 地址范围,格式为 "起始地址-结束地址"。An IPv4 address range in the format of "start address - end address" with no spaces included.
  • 不包含空格的 IPv6 地址范围,格式为 "起始地址-结束地址"。An IPv6 address range in the format of "start address - end address" with no spaces included.
remoteAddressRangesremoteAddressRanges String 集合String collection 指定规则所涵盖的远程地址的令牌列表。List of tokens specifying the remote addresses covered by the rule. 标记不区分大小写。Tokens are case insensitive. 默认值为任意地址。Default is any address. 有效令牌包括:Valid tokens include:
  • "*" 表示任何远程地址。"*" indicates any remote address. 如果存在此标记,则必须是包含的唯一标记。If present, this must be the only token included.
  • "Defaultgateway""Defaultgateway"
  • LDHCP"DHCP"
  • DN"DNS"
  • 首选"WINS"
  • Windows 版本1809上支持 "Intranet" (+) "Intranet" (supported on Windows versions 1809+)
  • Windows 版本 1809 (支持 "RmtIntranet") "RmtIntranet" (supported on Windows versions 1809+)
  • Windows 版本1809和) 支持的 "Internet" ("Internet" (supported on Windows versions 1809+)
  • Windows 版本 1809 (支持 "Ply2Renders") "Ply2Renders" (supported on Windows versions 1809+)
  • "LocalSubnet" 指示本地子网上的任何本地地址。"LocalSubnet" indicates any local address on the local subnet.
  • 可以使用子网掩码或网络前缀表示法指定子网。A subnet can be specified using either the subnet mask or network prefix notation. 如果不指定子网掩码和网络前缀,则子网掩码默认为255.255.255.255。If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255.
  • 有效的 IPv6 地址。A valid IPv6 address.
  • 不包含空格的 IPv4 地址范围,格式为 "起始地址-结束地址"。An IPv4 address range in the format of "start address - end address" with no spaces included.
  • 不包含空格的 IPv6 地址范围,格式为 "起始地址-结束地址"。An IPv6 address range in the format of "start address - end address" with no spaces included.
profileTypesprofileTypes windowsFirewallRuleNetworkProfileTypeswindowsFirewallRuleNetworkProfileTypes 指定规则所属的配置文件。Specifies the profiles to which the rule belongs. 如果未指定,则默认值为 All。If not specified, the default is All. 可取值为:notConfigureddomainprivatepublicPossible values are: notConfigured, domain, private, public.
actionaction stateManagementSettingstateManagementSetting 规则强制执行的操作。The action the rule enforces. 如果未指定,则允许使用默认值。If not specified, the default is Allowed. 可取值为:notConfiguredblockedallowedPossible values are: notConfigured, blocked, allowed.
trafficDirectiontrafficDirection windowsFirewallRuleTrafficDirectionTypewindowsFirewallRuleTrafficDirectionType 启用了规则的流量方向。The traffic direction that the rule is enabled for. 如果未指定,则默认值为 Out。可能的值为: notConfiguredoutinIf not specified, the default is Out. Possible values are: notConfigured, out, in.
interfaceTypesinterfaceTypes windowsFirewallRuleInterfaceTypeswindowsFirewallRuleInterfaceTypes 规则的接口类型。The interface types of the rule. 可取值为:notConfiguredremoteAccesswirelesslanPossible values are: notConfigured, remoteAccess, wireless, lan.
edgeTraversaledgeTraversal stateManagementSettingstateManagementSetting 指示是否为此规则启用或禁用边缘遍历。Indicates whether edge traversal is enabled or disabled for this rule. EdgeTraversal 设置指示允许特定入站流量通过 Nat 和使用 Teredo 隧道技术的其他边缘设备进行隧道传递。The EdgeTraversal setting indicates that specific inbound traffic is allowed to tunnel through NATs and other edge devices using the Teredo tunneling technology. 为了使此设置正常工作,具有入站防火墙规则的应用程序或服务需要支持 IPv6。In order for this setting to work correctly, the application or service with the inbound firewall rule needs to support IPv6. 此设置的主应用程序允许主机上的侦听器通过 Teredo IPv6 地址进行全局寻址。The primary application of this setting allows listeners on the host to be globally addressable through a Teredo IPv6 address. 默认情况下,新规则已禁用 EdgeTraversal 属性。New rules have the EdgeTraversal property disabled by default. 可取值为:notConfiguredblockedallowedPossible values are: notConfigured, blocked, allowed.
localUserAuthorizationslocalUserAuthorizations StringString 指定应用程序容器的授权本地用户的列表。Specifies the list of authorized local users for the app container. 这是安全描述符定义语言 (SDDL) 格式的字符串。This is a string in Security Descriptor Definition Language (SDDL) format.

关系Relationships

None

JSON 表示形式JSON Representation

下面是资源的 JSON 表示形式。Here is a JSON representation of the resource.

{
  "@odata.type": "#microsoft.graph.windowsFirewallRule",
  "displayName": "String",
  "description": "String",
  "packageFamilyName": "String",
  "filePath": "String",
  "serviceName": "String",
  "protocol": 1024,
  "localPortRanges": [
    "String"
  ],
  "remotePortRanges": [
    "String"
  ],
  "localAddressRanges": [
    "String"
  ],
  "remoteAddressRanges": [
    "String"
  ],
  "profileTypes": "String",
  "action": "String",
  "trafficDirection": "String",
  "interfaceTypes": "String",
  "edgeTraversal": "String",
  "localUserAuthorizations": "String"
}