Azure-cli: creating NSG rule with multiple ports is not accepted

Created on 24 Oct 2018 · 4Comments · Source: Azure/azure-cli

I want to create an NSG rule for port 80 and 443.
I can do that with the Azure portal web UI (it allows me to specify multiple comma-separated ports).
Then I want to do that with the az cmdline, but it refuses multiple ports :

az network nsg rule create -g rg-d03-dev-pcfwesteurope-01 --nsg-name nsg-d03-we-pcfops-01 --name allow_lb_80_443 --priority 150 --protocol TCP --access Allow --direction Inbound --source-port-ranges '' --source-address-prefixes '' --destination-port-ranges '80 443' --destination-address-prefixes 10.253.4.5

Security rule has invalid Port range. Value provided: 80 443. Value should be an integer OR integer range with '-' delimiter. Valid range 0-65535.

Looking at the help of the az cmd, it tells me it should be possible ("Space-separated list of ports or port ranges between 0-65535"):
az network nsg rule create --help

Command
az network nsg rule create : Create a network security group rule.

Arguments
--name -n [Required] : Name of the network security group rule.
--nsg-name [Required] : Name of the network security group.
--priority [Required] : Rule priority, between 100 (highest priority) and 4096 (lowest
priority). Must be unique for each rule in the collection.
--resource-group -g [Required] : Name of resource group. You can configure the default group
using az configure --defaults group=<name>.
--access : Allowed values: Allow, Deny. Default: Allow.
--description : Rule description.
--direction : Allowed values: Inbound, Outbound. Default: Inbound.
--protocol : Network protocol this rule applies to. Allowed values: *, Tcp,
Udp. Default: *.

Destination Arguments
--destination-address-prefixes : Space-separated list of CIDR prefixes or IP ranges.
Alternatively, specify ONE of 'VirtualNetwork',
'AzureLoadBalancer', 'Internet' or '' to match all IPs.
Default: *.
--destination-asgs : Space-separated list of application security group names or
IDs.
--destination-port-ranges : Space-separated list of ports or port ranges between 0-65535.
Use '' to match all ports. Default: 80.
<<<>>>

How can I specify multiple ports using the cmdline?

question

Source

metskem

All 4 comments

Space-separated list (should work): --ports 80 443
String with space in it (will not work): --ports '80 443'

tjprescott on 24 Oct 2018

Tell me what is wrong.
Space-separated list not work.

az network nsg rule create -n TempRule --nsg-name MyNSG --priority 900 -g MyRG --protocol Tcp --destination-address-prefixes in.my.ip.addr --destination-port-ranges 80 443 --source-address-prefixes * --source-port-ranges * --access Allow

response.

Security rule has invalid Port range. Value provided: Boostnote. Value should be an integer OR integer range with '-' delimiter. Valid range 0-65535.

version.

az --version
azure-cli (2.0.50)

acr (2.1.8)
acs (2.3.11)
advisor (2.0.0)
ams (0.3.0)
appservice (0.2.6)
backup (1.2.1)
batch (3.4.1)
batchai (0.4.4)
billing (0.2.0)
botservice (0.1.1)
cdn (0.2.0)
cloud (2.1.0)
cognitiveservices (0.2.3)
command-modules-nspkg (2.0.2)
configure (2.0.19)
consumption (0.4.0)
container (0.3.8)
core (2.0.50)
cosmosdb (0.2.3)
dla (0.2.3)
dls (0.1.4)
dms (0.1.1)
eventgrid (0.2.0)
eventhubs (0.3.1)
extension (0.2.3)
feedback (2.1.4)
find (0.2.12)
hdinsight (0.1.0)
interactive (0.4.0)
iot (0.3.4)
iotcentral (0.1.3)
keyvault (2.2.6)
lab (0.1.3)
maps (0.3.2)
monitor (0.2.6)
network (2.2.8)
nspkg (3.0.3)
policyinsights (0.1.0)
profile (2.1.2)
rdbms (0.3.4)
redis (0.3.2)
relay (0.1.2)
reservations (0.4.0)
resource (2.1.6)
role (2.1.9)
search (0.1.1)
servicebus (0.3.2)
servicefabric (0.1.7)
signalr (1.0.0)
sql (2.1.5)
storage (2.2.4)
telemetry (1.0.0)
vm (2.2.7)

Python location '/opt/az/bin/python3'
Extensions directory '/home/myaccount/.azure/cliextensions'

Python (Linux) 3.6.5 (default, Nov  1 2018, 22:27:30)
[GCC 7.3.0]

Legal docs and information: aka.ms/AzureCliLegal