The Add-VMNetworkAdapterExtendedAcl cmdlet creates an extended access control list (ACL) for a virtual network adapter.
The ACL allows or denies access to a virtual machine network adapter for network packets based on source IP address, destination IP address, protocol, source port, and destination port.
Examples
Example 1: Create an ACL for Remote Desktop Protocol
This command creates a stateful inbound ACL that allows a remote device to connect to the virtual machine on port 3389, which is the port for Remote Desktop Protocol.
Example 2: Create an ACL to initiate a connection with timeout
This command creates a stateful ACL that allows outbound packets to a remote device by using TCP.
If there is no activity for 3600 seconds, the connection times out.
Parameters
-Action
Specifies the action for the ACL.
The acceptable values for this parameter are:
Allow
Deny
Parameter properties
Type:
VMNetworkAdapterExtendedAclAction
Default value:
None
Accepted values:
Allow, Deny
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
1
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-CimSession
Runs the cmdlet in a remote session or on a remote computer.
Enter a computer name or a session object, such as the output of a New-CimSession or Get-CimSession cmdlet.
The default is the current session on the local computer.
Parameter properties
Type:
CimSession[]
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
VMName
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
ManagementOS
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-ComputerName
Specifies an array of Hyper-V hosts.
The cmdlet adds the ACL to the network adapters on the Hyper-V hosts that you specify.
Parameter properties
Type:
String[]
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
VMName
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
ManagementOS
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Confirm
Prompts you for confirmation before running the cmdlet.
Parameter properties
Type:
SwitchParameter
Default value:
False
Supports wildcards:
False
DontShow:
False
Aliases:
cf
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Credential
Specifies one or more user accounts that have permission to perform this action.
The default is the current user.
Parameter properties
Type:
PSCredential[]
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
VMName
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
ManagementOS
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Direction
Specifies the direction of network traffic, from the perspective of the virtual machine, to which the ACL applies.
The cmdlet adds an ACL that has the value that you specify.
The acceptable values for this parameter are:
Inbound
Outbound
If you run the Get-VMNetworkAdapterExtendedAcl cmdlet, the entry that you create appears in both the inbound ACL and the outbound ACL.
Parameter properties
Type:
VMNetworkAdapterExtendedAclDirection
Default value:
None
Accepted values:
Inbound, Outbound
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
2
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-IdleSessionTimeout
Specifies a time-out period, in seconds, for idle sessions.
Parameter properties
Type:
Int32
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-IsolationID
Specifies an ID of a virtual subnet.
The cmdlet adds an ACL that applies to traffic on the isolated network that you specify.
The subnet uses virtual local area network (VLAN) or Hyper-V Network Virtualization.
For more information about isolation IDs, see the Set-VmNetworkAdapterIsolation cmdlet.
Parameter properties
Type:
Int32
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-LocalIPAddress
Specifies the local IP address for the ACL.
For an inbound packet, the local address is the destination IP address.
For an outbound packet, the local address is the source IP address.
You can specify a host address or a subnet address, or specify a wildcard, such as 0.0.0.0/0 for all IPv4 addresses, ::/0 for all IPv6 addresses, or ANY for all IPv4 and IPv6 addresses.
Parameter properties
Type:
String
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
3
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-LocalPort
Specifies the local port for the ACL. A port range format can also be used (i.e. "49152-49182", for example).
For an inbound TCP or UDP packet, the local port is the destination port.
For an outbound packet, the local port is the source port.
Parameter properties
Type:
String
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
5
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-ManagementOS
Indicates that the cmdlet operates on the parent or host operating system.
If you specify this parameter, this cmdlet creates an ACL that applies to the parent or host operating system.
Parameter properties
Type:
SwitchParameter
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
ManagementOS
Position:
Named
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Passthru
Returns an object representing the item with which you are working.
By default, this cmdlet does not generate any output.
Parameter properties
Type:
SwitchParameter
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Protocol
Specifies the protocol that the ACL applies to.
The acceptable values for this parameter are:
TCP
UDP
an integer IP protocol ID (use 1 for ICMP)
Parameter properties
Type:
String
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
7
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-RemoteIPAddress
Specifies the local IP address for the ACL.
For an inbound packet, the remote address is the source IP address.
For an outbound packet, the remote address is the destination IP address.
You can specify a host address or a subnet address, or specify a wildcard, such as 0.0.0.0/0 for all IPv4 addresses, ::/0 for all IPv6 addresses, or ANY for all IPv4 and IPv6 addresses.
Parameter properties
Type:
String
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
4
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-RemotePort
Specifies the remote port for the ACL. A port range format can also be used (i.e. "49152-49182", for example).
For an inbound TCP or UDP packet, the remote port is the source port.
For an outbound packet, the remote port is the destination port.
Parameter properties
Type:
String
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
6
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Stateful
Indicates whether the ACL applies to packets in both directions of the same session.
If you specify a value of $True, the ACL applies to a return packet even though that packet has the opposite direction with respect to the ACL.
Parameter properties
Type:
Boolean
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-VM
Specifies an array of virtual machine objects.
The cmdlet adds an ACL for the virtual machines that you specify.
To obtain a virtual machine object, use the Get-VM cmdlet.
Parameter properties
Type:
VirtualMachine[]
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
VMObject
Position:
0
Mandatory:
True
Value from pipeline:
True
Value from pipeline by property name:
False
Value from remaining arguments:
False
-VMName
Specifies an array of names of virtual machines.
The cmdlet adds an ACL for the virtual machines that you specify.
Parameter properties
Type:
String[]
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
VMName
Position:
0
Mandatory:
True
Value from pipeline:
True
Value from pipeline by property name:
False
Value from remaining arguments:
False
-VMNetworkAdapter
Specifies an array VM network adapters as VMNetworkAdapterBase objects.
The cmdlet adds an ACL to the adapters that you specify.
To obtain a network adapter, use the Get-VMNetworkAdapter cmdlet.
Parameter properties
Type:
VMNetworkAdapterBase[]
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
ResourceObject
Position:
0
Mandatory:
True
Value from pipeline:
True
Value from pipeline by property name:
False
Value from remaining arguments:
False
-VMNetworkAdapterName
Specifies the name of a virtual network adapter.
The cmdlet adds an ACL to the adapter that you specify.
Parameter properties
Type:
String
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
VMName
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
ManagementOS
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
VMObject
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-Weight
Specifies the weight of an ACL entry.
Larger weight values apply first, and once an ACL entry applies to a packet, other entries are no longer relevant for that packet.
Parameter properties
Type:
Int32
Default value:
None
Supports wildcards:
False
DontShow:
False
Parameter sets
(All)
Position:
8
Mandatory:
True
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
-WhatIf
Shows what would happen if the cmdlet runs.
The cmdlet is not run.
Parameter properties
Type:
SwitchParameter
Default value:
False
Supports wildcards:
False
DontShow:
False
Aliases:
wi
Parameter sets
(All)
Position:
Named
Mandatory:
False
Value from pipeline:
False
Value from pipeline by property name:
False
Value from remaining arguments:
False
CommonParameters
This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable,
-InformationAction, -InformationVariable, -OutBuffer, -OutVariable, -PipelineVariable,
-ProgressAction, -Verbose, -WarningAction, and -WarningVariable. For more information, see
about_CommonParameters.