Add-VMNetworkAdapterAcl
Creates an ACL to apply to the traffic through a virtual machine network adapter.
Example 1
This example adds an ACL to allow virtual machine Redmond to send traffic to and receive traffic from IP subnet 10.0.0.0/8.
PS C:\> Add-VMNetworkAdapterAcl -VMName Redmond -RemoteIPAddress 10.0.0.0/8 -Direction Both -Action Allow
Example 2
This example adds an ACL to deny virtual machine Redmond from sending either IPv4 or IPv6 traffic to anywhere and from receiving such traffic from anywhere.
PS C:\> Add-VMNetworkAdapterAcl -VMName Redmond -RemoteIPAddress Any -Direction Both -Action Deny
Example 3
This example gets the virtual machine Redmond and adds an ACL that denies it from sending any traffic to a device with MAC address 03-0f-01-0e-aa-b2 or receiving any traffic from that device.
PS C:\> Get-VM Redmond | Add-VMNetworkAdapterAcl -RemoteMacAddress 03-0f-01-0e-aa-b2 -Direction Both -Action Deny
Example 4
This example gets the virtual network adapters from virtual machine Redmond and adds an ACL to meter outgoing traffic sent to IP subnet 192.168.0.0/16.
PS C:\> Get-VMNetworkAdapter -VMName Redmond | Add-VMNetworkAdapterAcl -RemoteIPAddress 192.168.0.0/16 -Direction Outbound -Action Meter
From: http://technet.microsoft.com/zh-cn/library/hh848505.aspx
Add-VMNetworkAdapterExtendedAcl
Windows Server® 2012 R2 provides extended port access control lists (ACLs) for Hyper-V virtual switches. You can configure extended ACLs on Hyper-V virtual switches to allow and block network traffic to and from virtual machines (VMs) that are connected to the switch through a virtual network adapter.
When you create a rule, you can use the -Weight parameter to determine the order in which the Hyper-V Virtual Switch processes rules. The value of -Weight is expressed as an integer; rules with a higher integer are processed before rules with a lower integer. For example, if you apply two rules to a VM network adapter where one rule has a weight of 1 and the other rule has a weight of 10, then the rule with a weight of 10 is applied first.
The following two examples show how to create a rule using Windows PowerShell commands. The first example rule blocks all traffic destined for the VM named "ApplicationServer". The second example rule, which is applied to the network adapter of the VM named "ApplicationServer", allows only inbound RDP traffic to that VM.
Add-VMNetworkAdapterExtendedAcl -VMName "ApplicationServer" -Action "Deny" -Direction "Inbound" -Weight 1
Add-VMNetworkAdapterExtendedAcl -VMName "ApplicationServer" -Action "Allow" -Direction "Inbound" -LocalPort 3389 -Protocol "TCP" -Weight
From: http://technet.microsoft.com/zh-cn/library/dn375962.aspx#bkmk_Detailed
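To see why the weights matter, the following added example (not from the TechNet page) models the deny-all and allow-RDP rules described above in plain PowerShell and evaluates constructed packets against them. It assumes a weight of 10 for the Allow rule and that the first matching rule in descending weight order decides; Test-RuleMatch and Resolve-AclDecision are hypothetical helper names, and nothing here calls Hyper-V.

```powershell
# Constructed model of the two extended ACL rules; property names mirror the cmdlet parameters.
# Weight 10 on the Allow rule is an assumed value (it only has to be higher than the Deny rule's 1).
$rules = @(
    [pscustomobject]@{ Action = 'Deny';  Direction = 'Inbound'; Protocol = $null; LocalPort = $null; Weight = 1 }
    [pscustomobject]@{ Action = 'Allow'; Direction = 'Inbound'; Protocol = 'TCP'; LocalPort = 3389;  Weight = 10 }
)

function Test-RuleMatch {
    param($Rule, $Packet)
    # In this model an unset (null) rule field is a wildcard.
    if ($Rule.Direction -ne $Packet.Direction) { return $false }
    if ($null -ne $Rule.Protocol  -and $Rule.Protocol  -ne $Packet.Protocol)  { return $false }
    if ($null -ne $Rule.LocalPort -and $Rule.LocalPort -ne $Packet.LocalPort) { return $false }
    return $true
}

function Resolve-AclDecision {
    param([object[]]$Rules, $Packet)
    # Rules with a higher weight are processed first; the first match decides (model assumption).
    foreach ($rule in ($Rules | Sort-Object -Property Weight -Descending)) {
        if (Test-RuleMatch -Rule $rule -Packet $Packet) {
            return "$($rule.Action) (weight $($rule.Weight))"
        }
    }
    return 'NoMatch'
}

# Constructed sample traffic arriving at the VM.
$packets = @(
    [pscustomobject]@{ Name = 'RDP'; Direction = 'Inbound'; Protocol = 'TCP'; LocalPort = 3389 }
    [pscustomobject]@{ Name = 'SMB'; Direction = 'Inbound'; Protocol = 'TCP'; LocalPort = 445 }
    [pscustomobject]@{ Name = 'DNS'; Direction = 'Inbound'; Protocol = 'UDP'; LocalPort = 53 }
)

foreach ($p in $packets) {
    '{0,-4} {1}/{2,-5} -> {3}' -f $p.Name, $p.Protocol, $p.LocalPort,
        (Resolve-AclDecision -Rules $rules -Packet $p)
}

# Failure mode: swap the weights so the broad Deny outranks the specific Allow.
$swapped = $rules | ForEach-Object { $c = $_.PSObject.Copy(); $c.Weight = 11 - $c.Weight; $c }
'Swapped weights, RDP -> ' + (Resolve-AclDecision -Rules $swapped -Packet $packets[0])
```

With the weights as given, only the RDP packet resolves to Allow; with the weights swapped, the Deny rule matches first and RDP is blocked as well.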