#PSTip Controlling traffic of a VM network adapter in Hyper-V

Note: This tip requires PowerShell 3.0 or above.

Using the Add-VMNetworkAdapterAcl cmdlet we can create ACLs (firewall-like rule) that applies to the traffic through a virtual machine network adapter. We can use it to allow or block traffic to or from specific sources by using IP addresses (including a range of addresses) or MAC addresses.

ACL rules apply to Hyper-V switch ports and currently can only be set using PowerShell. They control whether a packet is allowed or denied on the way into or out of the VM. Multiple port ACLs can be configure for a Hyper-V switch port.

The following command will deny inbound and outbound traffic from VM1 to the remote IP address

Add-VMNetworkAdapterAcl –VMName VM1 -RemoteIPAddress -Direction
Both -Action Deny

To remove the rule:

Remove-VMNetworkAdapterAcl -VMName VM1 -RemoteIPAddress -Action Deny -Direction Both

About the author: Shay Levy

Shay Levy is a Co-founder and editor of the PowerShell Magazine. He is a multiple-year recipient of the Microsoft MVP award, and a Microsoft Certified Trainer (MCT). Shay often covers PowerShell related topics on his blog and you can also follow him on Twitter at @ShayLevy

Related Posts