如何解决新入站端口规则的拒绝策略
我有以下拒绝使用端口3398创建新的入站端口规则的策略,但是,我还想添加另一条规则,其中拒绝创建源设置为“ ANY”的规则。该策略的目标是拒绝创建新的入站端口规则,该规则的目标是3398,源是“ ANY”。 这是政策,在此先感谢
{
"mode": "All","policyRule": {
"if": {
"anyof": [
{
"allOf": [
{
"field": "type","equals": "Microsoft.Network/networkSecurityGroups"
},{
"count": {
"field": "Microsoft.Network/networkSecurityGroups/securityRules[*]","where": {
"allOf": [
{
"field": "Microsoft.Network/networkSecurityGroups/securityRules[*].access","equals": "Allow"
},{
"field": "Microsoft.Network/networkSecurityGroups/securityRules[*].direction","equals": "Inbound"
},{
"anyOf": [
{
"field": "Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRange","in": [
"3389"
]
},{
"not": {
"field": "Microsoft.Network/networkSecurityGroups/securityRules[*].destinationPortRanges[*]","notin": [
"3389"
]
}
}
]
}
]
}
},"greater": 0
}
]
},{
"allOf": [
{
"field": "type","equals": "Microsoft.Network/networkSecurityGroups/securityRules"
},{
"allOf": [
{
"field": "Microsoft.Network/networkSecurityGroups/securityRules/access","equals": "Allow"
},{
"field": "Microsoft.Network/networkSecurityGroups/securityRules/direction","equals": "Inbound"
},{
"anyOf": [
{
"field": "Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange","in": [
"22","3389"
]
},{
"not": {
"field": "Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]","notin": [
"3389","22"
]
}
},{
"value": "[if(and(not(empty(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'))),contains(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'),'-')),and(lessOrEquals(int(first(split(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'),'-'))),22),greaterOrEquals(int(last(split(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRange'),22)),'false')]","equals": "true"
},{
"count": {
"field": "Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]","where": {
"value": "[if(and(not(empty(first(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]')))),contains(first(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]')),and(lessOrEquals(int(first(split(first(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]')),greaterOrEquals(int(last(split(first(field('Microsoft.Network/networkSecurityGroups/securityRules/destinationPortRanges[*]')),"equals": "true"
}
},"greater": 0
}
]
}
]
}
]
}
]
},"then": {
"effect": "deny"
}
},"parameters": {}
}
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
