Configuring an NSG to restrict VM access to the Internet
What is a network security group (NSG)?
http://www.windowsazure.cn/documentation/articles/virtual-networks-nsg
Create a new security group
New-AzureNetworkSecurityGroup -Name "DMZNSG" -Location "China East"
Define a variable
$NSGGroup = Get-AzureNetworkSecurityGroup -Name DMZNSG
Configure an outbound rule for the virtual machine 10.0.1.6 that denies access to the Internet
$NSGGroup | Set-AzureNetworkSecurityRule -Name block-internet -Action Deny -Protocol '*' -Type Outbound -Priority 200 -SourceAddressPrefix '10.0.1.6/32' -SourcePortRange '*' -DestinationAddressPrefix Internet -DestinationPortRange '*'
Configure an inbound rule for the virtual machine 10.0.1.6 that allows inbound traffic
$NSGGroup | Set-AzureNetworkSecurityRule -Name Allow-inbound -Action Allow -Protocol '*' -Type Inbound -Priority 200 -SourceAddressPrefix '*' -SourcePortRange '*' -DestinationAddressPrefix '10.0.1.6/32' -DestinationPortRange '*'
Apply the security group to subnet Subnet-1 of the virtual network wrf
$NSGGroup | Set-AzureNetworkSecurityGroupToSubnet -VirtualNetworkName wrf -SubnetName Subnet-1
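Test:
Connect to the Azure VM over Remote Desktop: the virtual machine can no longer reach the external network.
The VM can still be reached from the external network.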
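Why the test behaves this way, as an added example that is not part of the original post: a small Python model of NSG rule evaluation (lowest priority number wins, the first match decides) using the two rules above plus the NSG default rules. The VNet address space 10.0.0.0/16, the peer 10.0.1.7 and the external address 203.0.113.10 are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

VNET = ipaddress.ip_network("10.0.0.0/16")  # assumed address space of VNet "wrf"

@dataclass
class Rule:
    name: str
    direction: str  # "Inbound" or "Outbound"
    priority: int   # lower number is evaluated first
    action: str     # "Allow" or "Deny"
    src: str
    dst: str

# Default rules present in every NSG (load balancer probe rule not modelled).
DEFAULTS = [
    Rule("ALLOW VNET INBOUND", "Inbound", 65000, "Allow", "VIRTUAL_NETWORK", "VIRTUAL_NETWORK"),
    Rule("DENY ALL INBOUND", "Inbound", 65500, "Deny", "*", "*"),
    Rule("ALLOW VNET OUTBOUND", "Outbound", 65000, "Allow", "VIRTUAL_NETWORK", "VIRTUAL_NETWORK"),
    Rule("ALLOW INTERNET OUTBOUND", "Outbound", 65001, "Allow", "*", "INTERNET"),
    Rule("DENY ALL OUTBOUND", "Outbound", 65500, "Deny", "*", "*"),
]
# The two rules created on this page (protocol and ports are all '*', so omitted).
PAGE_RULES = [
    Rule("block-internet", "Outbound", 200, "Deny", "10.0.1.6/32", "Internet"),
    Rule("Allow-inbound", "Inbound", 200, "Allow", "*", "10.0.1.6/32"),
]

def matches(prefix, addr):
    """True if addr falls under an address prefix or a default tag."""
    ip, tag = ipaddress.ip_address(addr), prefix.upper()
    if tag == "*":
        return True
    if tag == "VIRTUAL_NETWORK":
        return ip in VNET
    if tag == "INTERNET":  # simplification: anything outside the VNet
        return ip not in VNET
    return ip in ipaddress.ip_network(prefix)

def evaluate(rules, direction, src, dst):
    """Decide a new flow. NSGs are stateful: replies on an allowed flow are
    not re-checked, so inbound RDP keeps working with outbound Internet denied."""
    for r in sorted(rules, key=lambda r: r.priority):
        if r.direction == direction and matches(r.src, src) and matches(r.dst, dst):
            return r.action, r.name
    return "Deny", "no match"

if __name__ == "__main__":
    nsg = DEFAULTS + PAGE_RULES
    print(evaluate(nsg, "Outbound", "10.0.1.6", "203.0.113.10"))  # VM to Internet
    print(evaluate(nsg, "Inbound", "203.0.113.10", "10.0.1.6"))   # Internet to VM
    print(evaluate(nsg, "Outbound", "10.0.1.7", "203.0.113.10"))  # other VM in subnet
```

The model also shows two things worth checking on a real deployment: other VMs in Subnet-1 keep their default outbound Internet access because the deny rule is scoped to 10.0.1.6/32, and Allow-inbound opens every port on 10.0.1.6 to any source.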
Remove the association from the subnet:
Remove-AzureNetworkSecurityGroupAssociation -Name DMZNSG -VirtualNetworkName wrf -SubnetName Subnet-1
Then delete the security group:
Remove-AzureNetworkSecurityGroup -Name DMZNSG