vmware-archive / powernsx

PowerShell module that abstracts the VMware NSX-v API to a set of easily used PowerShell functions

DFW Group-by section #608

Closed Sk83r closed 4 years ago

Sk83r commented 4 years ago

Hi guys

Can you assist with the proper command to group results by rule section?

For example, to get un-named rules we need to pull out rules with match/eq "rule" (this is for a blank field), and this works fine, but I want to pull out all un-named rules based on section and summarize.

Similar to below:

Get-NSxFirewallSection | Get-NsxFirewallRule | Where-Object { $_.name -eq "rule"} | select id, name | measure

thanks

alagoutte commented 4 years ago

Hi,

Not sure I understood... but why not make a loop (with Firewall Section)?

dcoghlan commented 4 years ago

Here are the rules that I have


 C:\Users\Administrator> get-nsxfirewallsection | get-nsxfirewallrule | ft -Property id, Name, sectionId  -GroupBy sectionId

   sectionId: 18362

id                                      Name                                    sectionId
--                                      ----                                    ---------
1376                                    rule                                    18362
1375                                    SectionBR1                              18362

   sectionId: 18361

id                                      Name                                    sectionId
--                                      ----                                    ---------
1374                                    SectionAR3                              18361
1373                                    rule                                    18361
1372                                    SectionAR1                              18361

   sectionId: 1003

id                                      Name                                    sectionId
--                                      ----                                    ---------
1003                                    Default Rule NDP                        1003
1002                                    Default Rule DHCP                       1003
1001                                    Default Rule                            1003

Even though rules 1373 & 1376 say "rule" as the name, they in fact do not have any name configured.

 C:\Users\Administrator> get-nsxfirewallrule -RuleId 1376 | format-xml
<rule id="1376" disabled="false" logged="false">
  <action>allow</action>
  <appliedToList>
    <appliedTo>
      <name>DISTRIBUTED_FIREWALL</name>
      <value>DISTRIBUTED_FIREWALL</value>
      <type>DISTRIBUTED_FIREWALL</type>
      <isValid>true</isValid>
    </appliedTo>
  </appliedToList>
  <sectionId>18362</sectionId>
  <sources excluded="false">
    <source>
      <value>1.1.1.1</value>
      <type>Ipv4Address</type>
      <isValid>true</isValid>
    </source>
  </sources>
  <direction>inout</direction>
  <packetType>any</packetType>
</rule>

And to get a list of all the rules which have either no name set or a blank name set, use the following

 C:\Users\Administrator> get-nsxfirewallsection | get-nsxfirewallrule | ? {if ((!($_ | Get-Member -MemberType Properties
 -Name Name)) -or ($_.name -eq '')) {$_}} | ft -Property id, Name, sectionId  -GroupBy sectionId

   sectionId: 18362

id                                      Name                                    sectionId
--                                      ----                                    ---------
1376                                    rule                                    18362

   sectionId: 18361

id                                      Name                                    sectionId
--                                      ----                                    ---------
1373                                    rule                                    18361

Sk83r commented 4 years ago

> Even though rules 1373 & 1376 say "rule" as the name, they in fact do not have any name configured

Exactly as I said, "rule" is the default name when the field is blank or unset.

> C:\Users\Administrator> get-nsxfirewallsection | get-nsxfirewallrule | ? {if ((!($_ | Get-Member -MemberType Properties -Name Name)) -or ($_.name -eq '')) {$_}} | ft -Property id, Name, sectionId -GroupBy sectionId

Thanks for that... nice.

Actually I was able to make it simple with a foreach loop, as @alagoutte suggested.

foreach ( $section in (Get-NsxFirewallSection | ? { $_.name -notmatch 'Default Section Layer3' })) {
    write-host "SECTION:" $section.name
    Get-NsxFirewallSection $section.name | Get-NsxFirewallRule | Where-Object { $_.name -eq "rule"} | select id | measure
}
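
The per-section count of unnamed rules discussed in this thread, as an added offline example that is not code from the thread participants or from PowerNSX. It runs on constructed XML modelled on the rule shown above; the section names, rules 9001 and 9002, and the function names `Test-RuleUnnamed` and `Get-UnnamedRuleSummary` are assumptions made for illustration.

```powershell
# Constructed sample modelled on the <rule> XML shown in the thread; not from a live NSX Manager.
# Section names and rules 9001/9002 are constructed to exercise the edge cases.
[xml]$doc = @'
<sections>
  <section id="18362" name="SectionB">
    <rule id="1376"><action>allow</action><sectionId>18362</sectionId></rule>
    <rule id="1375"><name>SectionBR1</name><action>allow</action><sectionId>18362</sectionId></rule>
    <rule id="9002"><name>rule</name><action>allow</action><sectionId>18362</sectionId></rule>
  </section>
  <section id="18361" name="SectionA">
    <rule id="1374"><name>SectionAR3</name><action>allow</action><sectionId>18361</sectionId></rule>
    <rule id="1373"><action>allow</action><sectionId>18361</sectionId></rule>
    <rule id="1372"><name>SectionAR1</name><action>allow</action><sectionId>18361</sectionId></rule>
    <rule id="9001"><name></name><action>allow</action><sectionId>18361</sectionId></rule>
  </section>
</sections>
'@

function Test-RuleUnnamed {
    param([System.Xml.XmlElement]$Rule)
    # Check for a real <name> child element instead of reading $Rule.Name:
    # when no child exists, .Name falls back to the element's tag name, "rule".
    $nameNode = $Rule.SelectSingleNode('name')
    return ($null -eq $nameNode) -or [string]::IsNullOrWhiteSpace($nameNode.InnerText)
}

function Get-UnnamedRuleSummary {
    param([xml]$Config)
    foreach ($section in $Config.SelectNodes('//section')) {
        # @() keeps .Count reliable when zero or one rule matches
        $unnamed = @($section.SelectNodes('rule') | Where-Object { Test-RuleUnnamed $_ })
        [pscustomobject]@{
            SectionId    = $section.GetAttribute('id')
            SectionName  = $section.GetAttribute('name')
            UnnamedCount = $unnamed.Count
            RuleIds      = ($unnamed | ForEach-Object { $_.GetAttribute('id') }) -join ','
        }
    }
}

# Rule 9002 is explicitly named "rule", so it is not counted as unnamed;
# rule 9001 has an empty <name> element, so it is.
Get-UnnamedRuleSummary -Config $doc | Format-Table -AutoSize
```

Against a live manager the same test could be applied to each object returned by `Get-NsxFirewallRule`, assuming those objects are XmlElement rules like the one displayed with `format-xml` above.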