向 Azure NSG 规则添加多个 IP

Question

I have Azure NSG. inside i have a rule called "Blocked_IP" I need to automate the process of updating this rule once a day with thousands of new ips (Azure max ip per rule is 4k)

looking at the documentaiton i have 2 possible commands:

$ipsarry = Get-Content .\file.txt
az network nsg rule update -g $groupName --nsg-name $NSGName -n $ruleName --source-address-prefix $ipsarry

file.txt will hold the ips. this will work as long file.txt hold aprox less than 500 ips, as if i add more the command will be a very very long string and there will be an exception. i cannot add this in parts as i cannot find a way to append the data, upon each call the old data is deleted.

using the other command

$NSG = Get-AzNetworkSecurityGroup -Name 'test' -ResourceGroupName 'Testik'


$Params = @{
  'Name'                     = 'auto_farm_protection4'
  'NetworkSecurityGroup'     = $NSG
  'Protocol'                 = 'TCP'
  'Direction'                = 'Inbound'
  'Priority'                 = 500
  'SourceAddressPrefix'      = "1.1.1.1, 2.2.2.2"
  'SourcePortRange'          = '*'
  'DestinationAddressPrefix' = '*'
  'DestinationPortRange'     = 3389
  'Access'                   = 'Deny'
}

Add-AzNetworkSecurityRuleConfig @Params | Set-AzNetworkSecurityGroup

will give me the same problem.

looks like google doesnt help me much. any help would be great.

Answer 1

You can use Set-AzNetworkSecurityRuleConfig -Name <String> -NetworkSecurityGroup <PSNetworkSecurityGroup> -SourceAddressPrefix String[] . Load the ip address from the text file into String Array (i guess you have a delimiter separating the ip address). Finally, pass it to the parameter of SourceAddressPrefix .

https://docs.microsoft.com/en-us/powershell/module/az.network/set-aznetworksecurityruleconfig?view=azps-6.6.0