I have an Azure NSG. Inside I have a rule called "Blocked_IP". I need to automate the process of updating this rule once a day with thousands of new IPs (Azure max IPs per rule is 4k).
Looking at the documentation, I have 2 possible commands:
$ipsarry = Get-Content .\file.txt
az network nsg rule update -g $groupName --nsg-name $NSGName -n $ruleName --source-address-prefix $ipsarry
file.txt will hold the IPs. This will work as long as file.txt holds approximately less than 500 IPs, as if I add more the command will be a very, very long string and there will be an exception. I cannot add this in parts as I cannot find a way to append the data; upon each call the old data is deleted.
Using the other command:
$NSG = Get-AzNetworkSecurityGroup -Name 'test' -ResourceGroupName 'Testik'
$Params = @{
'Name' = 'auto_farm_protection4'
'NetworkSecurityGroup' = $NSG
'Protocol' = 'TCP'
'Direction' = 'Inbound'
'Priority' = 500
'SourceAddressPrefix' = "1.1.1.1, 2.2.2.2"
'SourcePortRange' = '*'
'DestinationAddressPrefix' = '*'
'DestinationPortRange' = 3389
'Access' = 'Deny'
}
Add-AzNetworkSecurityRuleConfig @Params | Set-AzNetworkSecurityGroup
will give me the same problem.
Looks like Google doesn't help me much. Any help would be great.
CodePudding user response:
You can use Set-AzNetworkSecurityRuleConfig -Name <String> -NetworkSecurityGroup <PSNetworkSecurityGroup> -SourceAddressPrefix String[].
Load the IP addresses from the text file into a String array (I guess you have a delimiter separating the IP addresses). Finally, pass it to the SourceAddressPrefix parameter.
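
The approach from the answer above, as an added example that is not part of the original posts: the list is validated, then passed to Set-AzNetworkSecurityRuleConfig as a string array rather than expanded into an az command line. It assumes one address or CIDR per line in file.txt, an existing rule that uses address prefixes (not application security groups), and a session already signed in with Connect-AzAccount; the Test-Prefix helper is hypothetical.

```powershell
# Added example. Resource names come from the question; adjust to your environment.
$ResourceGroup = 'Testik'
$NsgName       = 'test'
$RuleName      = 'Blocked_IP'
$ListPath      = '.\file.txt'   # assumed format: one IP or CIDR per line
$MaxPerRule    = 4000           # per-rule limit stated in the question

function Test-Prefix([string]$Entry) {
    # Accept a canonical IPv4/IPv6 address, optionally with /length. Rejects '*', tags, junk.
    $addr, $len = $Entry -split '/', 2
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($addr, [ref]$ip) -or $ip.ToString() -ne $addr) { return $false }
    if ($null -eq $len) { return $true }
    $max = if ($ip.AddressFamily -eq 'InterNetworkV6') { 128 } else { 32 }
    # A /0 in a Deny rule would block every source, so require at least /1.
    return ($len -match '^\d{1,3}$') -and ([int]$len -ge 1) -and ([int]$len -le $max)
}

# Normalise the feed: trim, drop blank lines, de-duplicate, then refuse to push anything malformed.
$entries = Get-Content $ListPath | ForEach-Object { $_.Trim() } | Where-Object { $_ } | Sort-Object -Unique
$bad = @($entries | Where-Object { -not (Test-Prefix $_) })
if ($bad.Count) { throw "Refusing to update: $($bad.Count) invalid entries, e.g. '$($bad[0])'" }
[string[]]$prefixes = @($entries)
if ($prefixes.Count -eq 0 -or $prefixes.Count -gt $MaxPerRule) {
    throw "Expected 1..$MaxPerRule prefixes, got $($prefixes.Count)"
}

$nsg  = Get-AzNetworkSecurityGroup -Name $NsgName -ResourceGroupName $ResourceGroup
$rule = $nsg.SecurityRules | Where-Object Name -eq $RuleName
if (-not $rule) { throw "Rule '$RuleName' not found in NSG '$NsgName'" }

# Pass the rule's existing settings explicitly so that only the source list changes.
$params = @{
    NetworkSecurityGroup     = $nsg
    Name                     = $rule.Name
    Protocol                 = $rule.Protocol
    Direction                = $rule.Direction
    Priority                 = $rule.Priority
    Access                   = $rule.Access
    SourcePortRange          = $rule.SourcePortRange
    DestinationPortRange     = $rule.DestinationPortRange
    DestinationAddressPrefix = $rule.DestinationAddressPrefix
    SourceAddressPrefix      = $prefixes   # the whole array, replacing the previous list
}
if ($rule.Description) { $params.Description = $rule.Description }
Set-AzNetworkSecurityRuleConfig @params | Set-AzNetworkSecurityGroup | Out-Null
```

Validating before the call matters for a Deny rule fed from an external list: a stray `*` or `/0` entry would block all sources, and an empty file would fail the update instead of silently emptying the rule.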