Azure-cli: Azure CLI to open many ports

Created on 11 Jun 2018  路  6Comments  路  Source: Azure/azure-cli

Is your feature request related to a problem? Please describe.
Need to open a bunch of ports, not just one, to my VM using Azure CLI

Describe the solution you'd like
Able to open a bunch of ports, not just one, to my VM using Azure CLI

Describe alternatives you've considered
being able to declare what you want for your VM in a single operation, like #2011

Additional context

I'm following the following to use Azure CLI to open ports
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/nsg-quickstart

I.e., the command, 

az vm open-port --resource-group myResourceGroup --name myVM --port 80

works fine. However, when I try to open up the next port, 21, I got this:

Security rule open-port-80 conflicts with rule open-port-21. Rules cannot have the same Priority and Direction.

So

  • how do I open a bunch of ports (not just one) to my VM using Azure CLI?
  • how do I add more ports to the already opened set of ports to my VM using Azure CLI?

thx

Network question
Source
picture suntong

Most helpful comment

Yes, it opens both.

picture tjprescott on 12 Jun 2018
👍3

All 6 comments

Arguments
    --port   [Required]: The port or port range (ex: 80-100) to open inbound traffic to. Use '*' to
                         allow traffic to all ports.
    --priority         : Rule priority, between 100 (highest priority) and 4096 (lowest priority).
                         Must be unique for each rule in the collection.  Default: 900.

So you have a couple options:

  1. Specify a range of ports and issue one command
  2. Specify each port or port range with separate calls and specify the priority (you can omit on the first call if you are okay with the default of 900).
tjprescott picture tjprescott on 11 Jun 2018
👍1

Thanks @tjprescott,

  • what's the implication for the priority? Does it determine the order Azure ... hmm... still can't think of any reason port number need to be associated with priority.
  • when I was creating the VM using to portal, I used to open the following port, is there any way to know how the portal assign the priorities to each of them? 
22
21
25
53
80
110
443
587
993
995
  • also, with the portal, the Endpoints can choose either TCP or UDP. How to choose TCP or UDP for Azure CLI?

thx

suntong picture suntong on 12 Jun 2018

The priority is related to the NSG rule. Rules are executed in priority from high to low and once a rule is satisfied, lower priority rules are not processed. Priority really doesn't have to do with ports--it has to do with conflicting the rules (which is the mechanism through which you can allow or deny ports).

If you run network nsg show on the network security group for your VM, it should list all the rules and show the priorities that the portal designated. We do not try to apply a heuristic.

vm open-port is a convenience command only and thus it doesn't allow you to specify UDP/TCP for the resulting rule. From the extended help text description, if you want more fine grained control that the open-port command allows, you need to use the underlying network commands. In your case it would az network nsg rule create.

tjprescott picture tjprescott on 12 Jun 2018
2

thanks, appreciate the detailed answer.

suntong picture suntong on 12 Jun 2018

Just to be 100% sure, vm open-port open both UDP/TCP ports, right, or it is just TCP?

suntong picture suntong on 12 Jun 2018

Yes, it opens both.

tjprescott picture tjprescott on 12 Jun 2018
👍3
Was this page helpful?
0 / 5 - 0 ratings

Related issues

jsturtevant picture jsturtevant  路  3Comments
rlewkowicz picture rlewkowicz  路  3Comments
cicorias picture cicorias  路  3Comments
amarzavery picture amarzavery  路  3Comments
seanknox picture seanknox  路  3Comments