< Back
Add-NsxFirewallRuleMember
Post
NAME Add-NsxFirewallRuleMember
SYNOPSIS
Adds a new source or destination member to the specified NSX Distributed
Firewall Rule.
SYNTAX
Add-NsxFirewallRuleMember -FirewallRule <XmlElement> [-Member] <Object[]> -MemberType <String> [-Connection
<PSObject>] [<CommonParameters>]
DESCRIPTION
An NSX Distributed Firewall Rule defines a typical 5 tuple rule and is
enforced on each hypervisor at the point where the VMs NIC connects to the
portgroup or logical switch.
This cmdlet accepts a firewall rule object returned from Get-NsxFirewallRule
and adds the specified source and/or destination members to the rule.
PARAMETERS
-FirewallRule <XmlElement>
DFW rule as returned by Get-NsxFirewallRule / New-NsxFirewallRule
Required? true
Position? named
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-Member <Object[]>
Member(s) to add. specify ipv4/6 addresses as a string or other member types as VI / NSX Object (VM, Logical
Switch etc)).
Required? true
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
-MemberType <String>
MemberType to add. Source, Destination or Both
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Connection <PSObject>
PowerNSX Connection object.
Required? false
Position? named
Default value $defaultNSXConnection
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>get-nsxfirewallrule -RuleId 5441 | add-NsxFirewallRuleMember -MemberType Source -Member (get-vm web01) |
Format-Table
RuleId SectionId MemberType Name Value Type isValid
------ --------- ---------- ---- ----- ---- -------
5441 3717 Source Web01 vm-1270 VirtualMachine true
5441 3717 Source 1.2.3.4 Ipv4Address true
5441 3717 Destination test ipset-309 IPSet true
5441 3717 Destination Web02 vm-1266 VirtualMachine true
Add the vm web01 as a source member of rule 5441 - output as table.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>get-nsxfirewallrule -RuleId 5441 | add-NsxFirewallRuleMember -MemberType Destination -Member "1.2.3.4" |
Format-Table
RuleId SectionId MemberType Name Value Type isValid
------ --------- ---------- ---- ----- ---- -------
5441 3717 Source Web01 vm-1270 VirtualMachine true
5441 3717 Source 1.2.3.4 Ipv4Address true
5441 3717 Destination test ipset-309 IPSet true
5441 3717 Destination Web02 vm-1266 VirtualMachine true
5441 3717 Destination 1.2.3.4 Ipv4Address true
Add the ip 1.2.3.4 to the destinations of rule 5441 - output as table.
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>get-nsxfirewallrule -RuleId 5441 | Add-NsxFirewallRuleMember -MemberType Destination -Member (get-vm
web02),"1.2.3.4",$IPSetTest | Format-Table
RuleId SectionId MemberType Name Value Type isValid
------ --------- ---------- ---- ----- ---- -------
5441 3717 Source Web01 vm-1270 VirtualMachine true
5441 3717 Source 1.2.3.4 Ipv4Address true
5441 3717 Destination test ipset-309 IPSet true
5441 3717 Destination Web02 vm-1266 VirtualMachine true
5441 3717 Destination 1.2.3.4 Ipv4Address true
Add 1.2.3.4, the vm web02 and the nsx ipset stored in $ipsettest to the rule 5441 - output as table.
RELATED LINKS
SYNOPSIS
Adds a new source or destination member to the specified NSX Distributed
Firewall Rule.
SYNTAX
Add-NsxFirewallRuleMember -FirewallRule <XmlElement> [-Member] <Object[]> -MemberType <String> [-Connection
<PSObject>] [<CommonParameters>]
DESCRIPTION
An NSX Distributed Firewall Rule defines a typical 5 tuple rule and is
enforced on each hypervisor at the point where the VMs NIC connects to the
portgroup or logical switch.
This cmdlet accepts a firewall rule object returned from Get-NsxFirewallRule
and adds the specified source and/or destination members to the rule.
PARAMETERS
-FirewallRule <XmlElement>
DFW rule as returned by Get-NsxFirewallRule / New-NsxFirewallRule
Required? true
Position? named
Default value
Accept pipeline input? true (ByValue)
Accept wildcard characters? false
-Member <Object[]>
Member(s) to add. specify ipv4/6 addresses as a string or other member types as VI / NSX Object (VM, Logical
Switch etc)).
Required? true
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? false
-MemberType <String>
MemberType to add. Source, Destination or Both
Required? true
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-Connection <PSObject>
PowerNSX Connection object.
Required? false
Position? named
Default value $defaultNSXConnection
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer, PipelineVariable, and OutVariable. For more information, see
about_CommonParameters (https:/go.microsoft.com/fwlink/?LinkID=113216).
INPUTS
OUTPUTS
-------------------------- EXAMPLE 1 --------------------------
PS C:\\>get-nsxfirewallrule -RuleId 5441 | add-NsxFirewallRuleMember -MemberType Source -Member (get-vm web01) |
Format-Table
RuleId SectionId MemberType Name Value Type isValid
------ --------- ---------- ---- ----- ---- -------
5441 3717 Source Web01 vm-1270 VirtualMachine true
5441 3717 Source 1.2.3.4 Ipv4Address true
5441 3717 Destination test ipset-309 IPSet true
5441 3717 Destination Web02 vm-1266 VirtualMachine true
Add the vm web01 as a source member of rule 5441 - output as table.
-------------------------- EXAMPLE 2 --------------------------
PS C:\\>get-nsxfirewallrule -RuleId 5441 | add-NsxFirewallRuleMember -MemberType Destination -Member "1.2.3.4" |
Format-Table
RuleId SectionId MemberType Name Value Type isValid
------ --------- ---------- ---- ----- ---- -------
5441 3717 Source Web01 vm-1270 VirtualMachine true
5441 3717 Source 1.2.3.4 Ipv4Address true
5441 3717 Destination test ipset-309 IPSet true
5441 3717 Destination Web02 vm-1266 VirtualMachine true
5441 3717 Destination 1.2.3.4 Ipv4Address true
Add the ip 1.2.3.4 to the destinations of rule 5441 - output as table.
-------------------------- EXAMPLE 3 --------------------------
PS C:\\>get-nsxfirewallrule -RuleId 5441 | Add-NsxFirewallRuleMember -MemberType Destination -Member (get-vm
web02),"1.2.3.4",$IPSetTest | Format-Table
RuleId SectionId MemberType Name Value Type isValid
------ --------- ---------- ---- ----- ---- -------
5441 3717 Source Web01 vm-1270 VirtualMachine true
5441 3717 Source 1.2.3.4 Ipv4Address true
5441 3717 Destination test ipset-309 IPSet true
5441 3717 Destination Web02 vm-1266 VirtualMachine true
5441 3717 Destination 1.2.3.4 Ipv4Address true
Add 1.2.3.4, the vm web02 and the nsx ipset stored in $ipsettest to the rule 5441 - output as table.
RELATED LINKS