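I want to add/update multiple NSGs at once with new security rules. It should check whether a security rule with the same name already exists in the NSG and, if so, update that rule; otherwise it should add a new rule with priority +10. It will read its input from a CSV.
The following script works for reading one rule and updating the IP using specifically declared variables: the name of the rule to update and the parameter to update.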
$nsg = Get-AzureRmNetworkSecurityGroup -Name "Test" -ResourceGroupName "RG-TEST"
$SecurityRuleName = "Port_http"
Here we update the source IP to 127.0.0.2
$sourceAddrPrefix = "127.0.0.2"
# Look up the rule by name; $null means it does not exist in this NSG yet
$rule = ($nsg | Get-AzureRmNetworkSecurityRuleConfig -Name $SecurityRuleName -ErrorAction SilentlyContinue)
if ($rule -eq $null)
{
    # New rule: take the priority of the last rule in the collection and add 10
    $prio = [int]($nsg.SecurityRules[$nsg.SecurityRules.Count-1].Priority)
    $prio += 10
    Write-Host "Adding $SecurityRuleName rule to allow $sourceAddrPrefix with priority $prio"
    $ret = ($nsg | Add-AzureRmNetworkSecurityRuleConfig -Name $SecurityRuleName `
        -SourceAddressPrefix $sourceAddrPrefix -SourcePortRange "*" `
        -DestinationAddressPrefix "*" -DestinationPortRange "80" `
        -Protocol "*" -Direction "Inbound" -Access "Allow" `
        -Priority $prio)
}
else
{
    # Existing rule: rewrite it in place and keep its current priority
    Write-Host "Updating $SecurityRuleName rule to allow $sourceAddrPrefix"
    $ret = ($nsg | Set-AzureRmNetworkSecurityRuleConfig -Name $SecurityRuleName `
        -SourceAddressPrefix $sourceAddrPrefix -SourcePortRange "*" `
        -DestinationAddressPrefix "*" -DestinationPortRange "80" `
        -Protocol "*" -Direction "Inbound" -Access "Allow" `
        -Priority $rule.Priority)
}
# Nothing changes in Azure until the modified NSG object is written back
Write-Host "Saving to Azure..."
$ret = ($nsg | Set-AzureRmNetworkSecurityGroup)
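
An added example, not part of the original post: the single-rule script above extended to several NSGs driven by CSV rows, using the same AzureRM cmdlets. The column names, the inline sample rows (including the NSG name Test2) and the check that skips wildcard sources are assumptions made for illustration; 100 to 4096 is the priority range Azure accepts for NSG rules.

```powershell
# Constructed sample rows; the column names are assumptions.
# With a real file, replace the here-string with: $rows = Import-Csv -Path <your file>
$rows = @"
NsgName,ResourceGroup,RuleName,SourceAddressPrefix,DestinationPortRange
Test,RG-TEST,Port_http,127.0.0.2,80
Test,RG-TEST,Port_https,127.0.0.2,443
Test2,RG-TEST,Port_http,127.0.0.3,80
"@ | ConvertFrom-Csv

# Group the rows by NSG so each NSG is fetched once and saved once
foreach ($group in ($rows | Group-Object -Property ResourceGroup, NsgName)) {
    $first = $group.Group[0]
    $nsg = Get-AzureRmNetworkSecurityGroup -Name $first.NsgName `
        -ResourceGroupName $first.ResourceGroup -ErrorAction Stop
    $changed = $false

    foreach ($row in $group.Group) {
        $src = $row.SourceAddressPrefix
        # Skip blank or wildcard sources so a CSV mistake cannot open the port to any address
        if ([string]::IsNullOrWhiteSpace($src) -or ($src -in '*', '0.0.0.0/0', 'Internet')) {
            Write-Warning "Skipping $($row.RuleName) on $($nsg.Name): source '$src' is too broad"
            continue
        }
        $params = @{
            Name                     = $row.RuleName
            SourceAddressPrefix      = $src
            SourcePortRange          = '*'
            DestinationAddressPrefix = '*'
            DestinationPortRange     = $row.DestinationPortRange
            Protocol                 = '*'
            Direction                = 'Inbound'
            Access                   = 'Allow'
        }
        $rule = $nsg.SecurityRules | Where-Object { $_.Name -eq $row.RuleName }
        if ($rule) {
            # Same name already present: update in place, keep its priority
            $nsg | Set-AzureRmNetworkSecurityRuleConfig @params -Priority $rule.Priority | Out-Null
        } else {
            # Highest priority number in use + 10; 100 when the NSG has no custom rules
            $max  = ($nsg.SecurityRules | Measure-Object -Property Priority -Maximum).Maximum
            $prio = if ($max) { [int]$max + 10 } else { 100 }
            if ($prio -gt 4096) { Write-Warning "No priority left on $($nsg.Name)"; continue }
            $nsg | Add-AzureRmNetworkSecurityRuleConfig @params -Priority $prio | Out-Null
        }
        $changed = $true
    }
    # One write per NSG, and only when at least one rule was added or updated
    if ($changed) { $nsg | Set-AzureRmNetworkSecurityGroup | Out-Null }
}
```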