New-Network
Syntax
New-NetworkControllerAccessControlList
[-ResourceId] <String>
[[-Tags] <PSObject>]
[-Properties] <AccessControlListProperties>
[[-Etag] <String>]
[[-ResourceMetadata] <ResourceMetadata>]
[-Force]
-ConnectionUri <Uri>
[-CertificateThumbprint <String>]
[-Credential <PSCredential>]
[-PassInnerException]
[-WhatIf]
[-Confirm]
[<CommonParameters>]Description
The New-NetworkControllerAccessControlList cmdlet creates a new access control list for allowing/denying traffic to/from a particular subnet or network interface. Each access control list can contain multiple rules.
Examples
Example 1
This example creates an access control list with two rules. The first rule allows all inbound network traffic. The second rule allows all outbound network traffic.
$ruleproperties = new-object Microsoft.Windows.NetworkController.AclRulePropertiesÂ
$ruleproperties.Protocol = "All"Â
$ruleproperties.SourcePortRange = "0-65535"Â
$ruleproperties.DestinationPortRange = "0-65535"Â
$ruleproperties.Action = "Allow"Â
$ruleproperties.SourceAddressPrefix = "*"Â
$ruleproperties.DestinationAddressPrefix = "*"Â
$ruleproperties.Priority = "100"Â
$ruleproperties.Type = "Inbound"Â
$ruleproperties.Logging = "Enabled"Â
$aclrule1 = new-object Microsoft.Windows.NetworkController.AclRuleÂ
$aclrule1.Properties = $rulepropertiesÂ
$aclrule1.ResourceId = "AllowAll_Inbound"Â
$ruleproperties = new-object Microsoft.Windows.NetworkController.AclRulePropertiesÂ
$ruleproperties.Protocol = "All"Â
$ruleproperties.SourcePortRange = "0-65535"Â
$ruleproperties.DestinationPortRange = "0-65535"Â
$ruleproperties.Action = "Allow"Â
$ruleproperties.SourceAddressPrefix = "*"Â
$ruleproperties.DestinationAddressPrefix = "*"Â
$ruleproperties.Priority = "110"
$ruleproperties.Type = "Outbound"
$ruleproperties.Logging = "Enabled"
$aclrule2 = new-object Microsoft.Windows.NetworkController.AclRule
$aclrule2.Properties = $ruleproperties
$aclrule2.ResourceId = "AllowAll_Outbound"
$acllistproperties = new-object Microsoft.Windows.NetworkController.AccessControlListProperties
$acllistproperties.AclRules = @($aclrule1, $aclrule2)
New-NetworkControllerAccessControlList -ResourceId "AllowAll" -Properties $acllistproperties -ConnectionUri <NC REST FQDN>Required Parameters
Specifies the Uniform Resource Identifier (URI) of the Network Controller that all Representational State Transfer (REST) clients use to connect to that controller.
| Type: | Uri |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the properties of an access control list. Each ACL consists of rules, with each rule having the following properties:
- Name
- Protocol
- Source port range
- Destination port range
- Action (Allow/Deny)
- Source Address prefix
- Destination address prefix
- Priority
- Type of rule (inbound/outbound)
- Whether logging is enabled or disabled
| Type: | AccessControlListProperties |
| Position: | 3 |
| Default value: | None |
| Accept pipeline input: | True (ByPropertyName) |
| Accept wildcard characters: | False |
Specifies the unique identifier of the Access Control list.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Accept pipeline input: | True (ByPropertyName) |
| Accept wildcard characters: | False |
Optional Parameters
Specifies the certificate thumbprint of a digital public key X.509 certificate of a user account that has permission to perform this action. In order for Network Controller to authorize the account, specify this thumbprint by using the ClientCertificateThumbprint parameter of the Install-NetworkController or Set-NetworkController cmdlet.
| Type: | String |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies a user credential that has permission to perform this action. The default value is the current user. This user must be a member of in the security group specified by the ClientSecurityGroup parameter of the Install-NetworkController cmdlet.
| Type: | PSCredential |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies the entity tag (ETag) of the resource. An ETag is an HTTP response header returned by an HTTP-compliant web server. An ETag is used to determine change in the content of a resource at a given URL. The value of the header is an opaque string representing the state of the resource at the time the response was generated.
| Type: | String |
| Position: | 5 |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Forces the command to run without asking for user confirmation.
| Type: | SwitchParameter |
| Position: | 7 |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Type: | SwitchParameter |
| Position: | Named |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Specifies metadata information for the client, such as the tenant ID, group ID, and resource name.
| Type: | ResourceMetadata |
| Position: | 6 |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
| Type: | PSObject |
| Position: | 1 |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Shows what would happen if the cmdlet runs.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
Each access control list contains multiple ACL rules. Each rule contains the following:
- Name
- Protocol
- Source port range
- Destination port range
- Action (Allow/Deny)
- Source Address prefix
- Destination address prefix
- Priority
- Type of rule (inbound/outbound)
- Whether logging is enabled or disabled