Add/update a security rule in multiple NSGs

Time: 2018-10-29 13:10:28

Tags: azure azure-powershell

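I want to add/update a new security rule in multiple NSGs at once. It should check whether a security rule with the same name already exists in the NSG and, if so, update that rule; otherwise it should add a new rule with priority +10. It will read its input from a CSV.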

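The following script reads one rule and updates the IP for specific declared variables: the name of the rule to update and the parameters to update.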

$nsg = Get-AzureRmNetworkSecurityGroup -Name "Test" -ResourceGroupName "RG-TEST"
$SecurityRuleName = "Port_http"

Here we update the source IP to 127.0.0.2

$sourceAddrPrefix = "127.0.0.2"

# Look the rule up by name; $rule is $null when it does not exist
$rule = ($nsg | Get-AzureRmNetworkSecurityRuleConfig -Name $SecurityRuleName -ErrorAction SilentlyContinue)

if ($rule -eq $null) {
    # Not found: take the priority of the last rule in the list and add 10
    $prio = [int]($nsg.SecurityRules[$nsg.SecurityRules.Count-1].Priority)
    $prio += 10
    Write-Host "Adding $SecurityRuleName rule to allow $sourceAddrPrefix with priority $prio"
    $ret = ($nsg | Add-AzureRmNetworkSecurityRuleConfig -Name $SecurityRuleName `
                -SourceAddressPrefix $sourceAddrPrefix -SourcePortRange "*" `
                -DestinationAddressPrefix "*" -DestinationPortRange "80" `
                -Protocol "*" -Direction "Inbound" -Access "Allow" `
                -Priority $prio)
} else {
    # Found: rewrite the rule in place, keeping its existing priority
    Write-Host "Updating $SecurityRuleName rule to allow $sourceAddrPrefix"
    $ret = ($nsg | Set-AzureRmNetworkSecurityRuleConfig -Name $SecurityRuleName `
                -SourceAddressPrefix $sourceAddrPrefix -SourcePortRange "*" `
                -DestinationAddressPrefix "*" -DestinationPortRange "80" `
                -Protocol "*" -Direction "Inbound" -Access "Allow" `
                -Priority $rule.Priority)
}

# Push the modified NSG object back to Azure
Write-Host "Saving to Azure..."
$ret = ($nsg | Set-AzureRmNetworkSecurityGroup)
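One way to extend the script above to several NSGs driven by CSV input, as an added example that is not part of the original question. The CSV column names, the second NSG name and the `Get-NextPriority` helper are assumptions made for illustration; the script assumes an already authenticated AzureRM session and picks the new priority from the highest existing inbound priority rather than from the last rule in the list.

```powershell
# Constructed sample input; in practice: $rows = Import-Csv -Path <your file>
# Column names are assumptions for this example.
$rows = @"
NsgName,ResourceGroup,RuleName,SourcePrefix,DestPort
Test,RG-TEST,Port_http,127.0.0.2,80
Test2,RG-TEST,Port_http,127.0.0.2,80
"@ | ConvertFrom-Csv

# Hypothetical helper: next inbound priority, 10 above the current highest.
function Get-NextPriority($nsg) {
    $max = ($nsg.SecurityRules | Where-Object { $_.Direction -eq 'Inbound' } |
            Measure-Object -Property Priority -Maximum).Maximum
    if ($null -eq $max) { return 100 }   # no custom rules yet: lowest valid priority
    $next = [int]$max + 10
    if ($next -gt 4096) { throw "No free priority left in $($nsg.Name)" }
    return $next
}

# Group rows by NSG so each NSG is fetched once and saved once.
foreach ($group in ($rows | Group-Object NsgName, ResourceGroup)) {
    $first = $group.Group[0]
    $nsg = Get-AzureRmNetworkSecurityGroup -Name $first.NsgName `
               -ResourceGroupName $first.ResourceGroup -ErrorAction Stop

    foreach ($row in $group.Group) {
        $params = @{
            Name                     = $row.RuleName
            SourceAddressPrefix      = $row.SourcePrefix
            SourcePortRange          = '*'
            DestinationAddressPrefix = '*'
            DestinationPortRange     = $row.DestPort
            Protocol                 = '*'
            Direction                = 'Inbound'
            Access                   = 'Allow'
        }
        $rule = $nsg.SecurityRules | Where-Object { $_.Name -eq $row.RuleName }
        if ($rule) {
            Write-Host "Updating $($row.RuleName) in $($nsg.Name)"
            $nsg | Set-AzureRmNetworkSecurityRuleConfig @params -Priority $rule.Priority | Out-Null
        } else {
            $prio = Get-NextPriority $nsg
            Write-Host "Adding $($row.RuleName) to $($nsg.Name) with priority $prio"
            $nsg | Add-AzureRmNetworkSecurityRuleConfig @params -Priority $prio | Out-Null
        }
    }
    # One write per NSG, after all of its rows have been applied locally.
    $nsg | Set-AzureRmNetworkSecurityGroup | Out-Null
}
```

Because `-ErrorAction Stop` is set on the lookup, a misspelled NSG name in the CSV halts the run instead of silently skipping that NSG.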

0 answers:

No answers