Add-VMNetworkAdapterAcl (Hyper-V: add an access control list)
Add-VMNetworkAdapterAcl (add an access control list)
Add-VMNetworkAdapterAcl

Example 1
This example adds an ACL that allows virtual machine Redmond to send traffic to and receive traffic from IP subnet 10.0.0.0/8.
PS C:\> Add-VMNetworkAdapterAcl -VMName Redmond -RemoteIPAddress 10.0.0.0/8 -Direction Both -Action Allow

Example 2
This example adds an ACL that prevents virtual machine Redmond from sending IPv4 or IPv6 traffic to anywhere and from receiving such traffic from anywhere.
PS C:\> Add-VMNetworkAdapterAcl -VMName Redmond -RemoteIPAddress ANY -Direction Both -Action Deny

Example 3
This example gets virtual machine Redmond and adds an ACL that prevents it from sending any traffic to the device with MAC address 03-0f-01-0e-aa-b2 and from receiving any traffic from that device.
PS C:\> Get-VM Redmond | Add-VMNetworkAdapterAcl -RemoteMacAddress 03-0f-01-0e-aa-b2 -Direction Both -Action Deny

Example 4
This example gets the virtual network adapters of virtual machine Redmond and adds an ACL that meters outgoing traffic sent to IP subnet 192.168.0.0/16.
PS C:\> Get-VMNetworkAdapter -VMName Redmond | Add-VMNetworkAdapterAcl -RemoteIPAddress 192.168.0.0/16 -Direction Outbound -Action Meter

From:
One of the new features for the Hyper-V Virtual Switch in Windows Server® 2012 R2 is extended port access control lists (ACLs). You can configure extended ACLs on the Hyper-V Virtual Switch to allow and block network traffic to and from the virtual machines (VMs) that are connected to the switch through virtual network adapters.

When you create rules, you can use the -Weight parameter to determine the order in which the Hyper-V Virtual Switch processes the rules. Values for -Weight are expressed as integers; rules with a higher integer are processed before rules with a lower integer. For example, if you have applied two rules to a VM network adapter, one with a weight of 1 and one with a weight of 10, the rule with the weight of 10 is applied first.

The following two examples show how to create rules by using Windows PowerShell commands. The first example rule blocks all traffic to the VM named "ApplicationServer". The second example rule, which is applied to the network adapter of the VM named "ApplicationServer", allows only inbound RDP traffic to that VM.

Add-VMNetworkAdapterExtendedAcl -VMName "ApplicationServer" -Action "Deny" -Direction "Inbound" -Weight 1
Add-VMNetworkAdapterExtendedAcl -VMName "ApplicationServer" -Action "Allow" -Direction "Inbound" -LocalPort 3389 -Protocol "TCP" -Weight 10
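
The weight ordering described above, as an added example that is not part of the original page or of Microsoft's documentation: a simplified model that evaluates the two ApplicationServer rules against constructed packets, then repeats the evaluation with the weights swapped to show the allow rule being shadowed. The function name Resolve-AclDecision and the rule and packet objects are hypothetical; the model assumes that the first matching rule decides and that traffic matching no rule is allowed.

```powershell
# Added example: a simplified model of extended ACL ordering, not Hyper-V's implementation.
# Resolve-AclDecision and the rule/packet objects below are hypothetical names.
function Resolve-AclDecision {
    param(
        [Parameter(Mandatory)] [object[]] $Rules,
        [Parameter(Mandatory)] [object]   $Packet
    )
    # Rules with a higher weight are processed first, as the text above states.
    foreach ($rule in ($Rules | Sort-Object -Property Weight -Descending)) {
        if ($rule.Direction -ne $Packet.Direction) { continue }
        # A rule field left as $null matches any value (no -Protocol / -LocalPort given).
        if ($null -ne $rule.Protocol  -and $rule.Protocol  -ne $Packet.Protocol)  { continue }
        if ($null -ne $rule.LocalPort -and $rule.LocalPort -ne $Packet.LocalPort) { continue }
        # Assumption of this model: the first matching rule decides.
        return [pscustomobject]@{ Action = $rule.Action; MatchedWeight = $rule.Weight }
    }
    # Assumption of this model: traffic that matches no rule is allowed.
    return [pscustomobject]@{ Action = 'Allow'; MatchedWeight = $null }
}

# The two ApplicationServer rules from the page, written as data.
$pageRules = @(
    [pscustomobject]@{ Action = 'Deny';  Direction = 'Inbound'; Protocol = $null; LocalPort = $null; Weight = 1 }
    [pscustomobject]@{ Action = 'Allow'; Direction = 'Inbound'; Protocol = 'TCP'; LocalPort = 3389;  Weight = 10 }
)
# The same rules with the weights swapped: the deny-all rule is now processed first.
$swappedRules = @(
    [pscustomobject]@{ Action = 'Deny';  Direction = 'Inbound'; Protocol = $null; LocalPort = $null; Weight = 10 }
    [pscustomobject]@{ Action = 'Allow'; Direction = 'Inbound'; Protocol = 'TCP'; LocalPort = 3389;  Weight = 1 }
)
# Constructed sample packets: inbound RDP and inbound SMB.
$packets = @(
    [pscustomobject]@{ Direction = 'Inbound'; Protocol = 'TCP'; LocalPort = 3389 }
    [pscustomobject]@{ Direction = 'Inbound'; Protocol = 'TCP'; LocalPort = 445 }
)

$ruleSets = @(
    @{ Name = 'page rules';      Rules = $pageRules }
    @{ Name = 'weights swapped'; Rules = $swappedRules }
)
foreach ($set in $ruleSets) {
    foreach ($packet in $packets) {
        $decision = Resolve-AclDecision -Rules $set.Rules -Packet $packet
        '{0,-16} {1}/{2} -> {3} (matched weight {4})' -f $set.Name, $packet.Protocol,
            $packet.LocalPort, $decision.Action, $decision.MatchedWeight
    }
}
```

With the page's weights only inbound TCP 3389 is allowed; with the weights swapped the deny-all rule matches first and RDP is blocked as well, which is why the broad deny rule carries the lowest weight.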