az network firewall policy rule-collection-group collection rule
Note
This reference is part of the azure-firewall extension for the Azure CLI (version 2.67.0 or higher). The extension will automatically install the first time you run an az network firewall policy rule-collection-group collection rule command. Learn more about extensions.
Manage and configure the rule of a filter collection in the rule collection group of Azure firewall policy.
Filter collection supports having a list of network rules or application rules. NatRule collection supports including a list of nat rules.
Commands
Name | Description | Type | Status |
---|---|---|---|
az network firewall policy rule-collection-group collection rule add | Add a rule into an Azure firewall policy rule collection. | Extension | Preview |
az network firewall policy rule-collection-group collection rule remove | Remove a rule from an Azure firewall policy rule collection. | Extension | Preview |
az network firewall policy rule-collection-group collection rule update | Update a rule of an Azure firewall policy rule collection. | Extension | Preview |
az network firewall policy rule-collection-group collection rule add
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Add a rule into an Azure firewall policy rule collection.
az network firewall policy rule-collection-group collection rule add --collection-name
--name
--policy-name
--rcg-name --rule-collection-group-name
--resource-group
--rule-type {ApplicationRule, NatRule, NetworkRule}
[--add]
[--description]
[--dest-addr --destination-addresses]
[--dest-ipg --destination-ip-groups]
[--destination-fqdns]
[--destination-ports]
[--enable-tls-insp --enable-tls-inspection {0, 1, f, false, n, no, t, true, y, yes}]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--fqdn-tags]
[--http-headers-to-insert]
[--ip-protocols]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--protocols]
[--remove]
[--set]
[--source-addresses]
[--source-ip-groups]
[--target-fqdns]
[--target-urls]
[--translated-address]
[--translated-fqdn]
[--translated-port]
[--web-categories]
Required Parameters
The name of the rule collection in Firewall Policy Rule Collection Group.
The name of the Firewall Policy Rule Collection Group.
Property | Value |
---|---|
Parameter group: | Common Rule Arguments |
The name of the Firewall Policy.
The name of the Firewall Policy Rule Collection Group.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
The type of rule.
Property | Value |
---|---|
Parameter group: | Common Rule Arguments |
Accepted values: | ApplicationRule, NatRule, NetworkRule |
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
Property | Value |
---|---|
Parameter group: | Generic Update Arguments |
The description of rule.
Property | Value |
---|---|
Parameter group: | Common Rule Arguments |
Space-separated list of destination IP addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Common Rule Arguments |
Space-separated list of name or resource id of destination IpGroups. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Network Rule Arguments |
Space-separated list of destination FQDNs. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Network Rule Arguments |
Space-separated list of destination ports. This argument is supported for Nat and Network Rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Common Rule Arguments |
Enable flag to terminate TLS connection for this rule.
Property | Value |
---|---|
Parameter group: | Application Rule Arguments |
Default value: | False |
Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
Property | Value |
---|---|
Parameter group: | Generic Update Arguments |
Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Space-separated list of FQDN tags for this rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Application Rule Arguments |
Space-separated list of HTTP headers to insert, in NAME=VALUE format. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Application Rule Arguments |
Space-separated list of IP protocols. This argument is supported for Nat and Network Rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Common Rule Arguments |
Do not wait for the long-running operation to finish.
Property | Value |
---|---|
Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Space-separated list of protocols and port numbers to use, in PROTOCOL=PORT format. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Application Rule Arguments |
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
Property | Value |
---|---|
Parameter group: | Generic Update Arguments |
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
Property | Value |
---|---|
Parameter group: | Generic Update Arguments |
Space-separated list of source IP addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Common Rule Arguments |
Space-separated list of name or resource id of source IpGroups. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Common Rule Arguments |
Space-separated list of FQDNs for this rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Application Rule Arguments |
Space-separated list of target urls for this rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Application Rule Arguments |
Translated address for this NAT rule collection.
Property | Value |
---|---|
Parameter group: | Nat Rule Arguments |
Translated FQDN for this NAT rule collection.
Property | Value |
---|---|
Parameter group: | Nat Rule Arguments |
Translated port for this NAT rule collection.
Property | Value |
---|---|
Parameter group: | Nat Rule Arguments |
Space-separated list of web categories for this rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Application Rule Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |
az network firewall policy rule-collection-group collection rule remove
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Remove a rule from an Azure firewall policy rule collection.
Filter collection supports having a list of network rules or application rules. NatRule collection supports including a list of nat rules.
az network firewall policy rule-collection-group collection rule remove --collection-name
--name
--policy-name
--rcg-name --rule-collection-group-name
--resource-group
[--add]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--remove]
[--set]
Required Parameters
The name of the rule collection in Firewall Policy Rule Collection Group.
The name of the Firewall Policy Rule Collection Group.
Property | Value |
---|---|
Parameter group: | Common Rule Arguments |
The name of the Firewall Policy.
The name of the Firewall Policy Rule Collection Group.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
Property | Value |
---|---|
Parameter group: | Generic Update Arguments |
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
Property | Value |
---|---|
Parameter group: | Generic Update Arguments |
Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Do not wait for the long-running operation to finish.
Property | Value |
---|---|
Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
Property | Value |
---|---|
Parameter group: | Generic Update Arguments |
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
Property | Value |
---|---|
Parameter group: | Generic Update Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |
az network firewall policy rule-collection-group collection rule update
This command is in preview and under development. Reference and support levels: https://aka.ms/CLI_refstatus
Update a rule of an Azure firewall policy rule collection.
Filter collection supports having a list of network rules or application rules. NatRule collection supports including a list of nat rules.
az network firewall policy rule-collection-group collection rule update --collection-name
--name
--policy-name
--rcg-name --rule-collection-group-name
--resource-group
[--add]
[--description]
[--dest-addr --destination-addresses]
[--dest-ipg --destination-ip-groups]
[--destination-fqdns]
[--destination-ports]
[--enable-tls-insp --enable-tls-inspection {0, 1, f, false, n, no, t, true, y, yes}]
[--force-string {0, 1, f, false, n, no, t, true, y, yes}]
[--fqdn-tags]
[--http-headers-to-insert]
[--ip-protocols]
[--no-wait {0, 1, f, false, n, no, t, true, y, yes}]
[--protocols]
[--remove]
[--set]
[--source-addresses]
[--source-ip-groups]
[--target-fqdns]
[--target-urls]
[--translated-address]
[--translated-fqdn]
[--translated-port]
[--web-categories]
Examples
Update a rule of an Azure firewall policy rule collection.
az network firewall policy rule-collection-group collection rule update -g {rg} --policy-name {policy} --rule-collection-group-name {rcg} --collection-name {cn} -n {rule_name} --target-fqdns XXX
Required Parameters
The name of the rule collection in Firewall Policy Rule Collection Group.
The name of the Firewall Policy Rule Collection Group.
Property | Value |
---|---|
Parameter group: | Common Rule Arguments |
The name of the Firewall Policy.
The name of the Firewall Policy Rule Collection Group.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Add an object to a list of objects by specifying a path and key value pairs. Example: --add property.listProperty <key=value, string or JSON string>.
Property | Value |
---|---|
Parameter group: | Generic Update Arguments |
The description of rule.
Property | Value |
---|---|
Parameter group: | Common Rule Arguments |
Space-separated list of destination IP addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Common Rule Arguments |
Space-separated list of name or resource id of destination IpGroups. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Network Rule Arguments |
Space-separated list of destination FQDNs. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Network Rule Arguments |
Space-separated list of destination ports. This argument is supported for Nat and Network Rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Common Rule Arguments |
Enable flag to terminate TLS connection for this rule.
Property | Value |
---|---|
Parameter group: | Application Rule Arguments |
Default value: | False |
Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
When using 'set' or 'add', preserve string literals instead of attempting to convert to JSON.
Property | Value |
---|---|
Parameter group: | Generic Update Arguments |
Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Space-separated list of FQDN tags for this rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Application Rule Arguments |
Space-separated list of HTTP headers to insert, in NAME=VALUE format. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Application Rule Arguments |
Space-separated list of IP protocols. This argument is supported for Nat and Network Rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Common Rule Arguments |
Do not wait for the long-running operation to finish.
Property | Value |
---|---|
Accepted values: | 0, 1, f, false, n, no, t, true, y, yes |
Space-separated list of protocols and port numbers to use, in PROTOCOL=PORT format. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Application Rule Arguments |
Remove a property or an element from a list. Example: --remove property.list <indexToRemove> OR --remove propertyToRemove.
Property | Value |
---|---|
Parameter group: | Generic Update Arguments |
Update an object by specifying a property path and value to set. Example: --set property1.property2=<value>.
Property | Value |
---|---|
Parameter group: | Generic Update Arguments |
Space-separated list of source IP addresses. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Common Rule Arguments |
Space-separated list of name or resource id of source IpGroups. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Common Rule Arguments |
Space-separated list of FQDNs for this rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Application Rule Arguments |
Space-separated list of target urls for this rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Application Rule Arguments |
Translated address for this NAT rule collection.
Property | Value |
---|---|
Parameter group: | Nat Rule Arguments |
Translated FQDN for this NAT rule collection.
Property | Value |
---|---|
Parameter group: | Nat Rule Arguments |
Translated port for this NAT rule collection.
Property | Value |
---|---|
Parameter group: | Nat Rule Arguments |
Space-separated list of web categories for this rule. Support shorthand-syntax, json-file and yaml-file. Try "??" to show more.
Property | Value |
---|---|
Parameter group: | Application Rule Arguments |
Global Parameters
Increase logging verbosity to show all debug logs.
Property | Value |
---|---|
Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
Property | Value |
---|---|
Default value: | False |
Output format.
Property | Value |
---|---|
Default value: | json |
Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
Property | Value |
---|---|
Default value: | False |