Hello,
I get some strange results using the Add-VMNetworkAdapterExtendedAcl cmdlet.
If I provide a subnet address as the RemoteIPAddress parameter, the Add-VMNetworkAdapterExtendedAcl cmdlet doesn't work as expected:
-RemoteIPAddress <any subnet address> works exactly as -RemoteIPAddress ANY.
But according to the documentation here http://technet.microsoft.com/en-us/library/dn464289.aspx
and here http://technet.microsoft.com/en-us/library/dn375962.aspx#bkmk_detailed
it's possible to use a subnet address with RemoteIPAddress.
My environment (Steps to reproduce):
1) I have a physical server running Windows Server 2012 R2 with KB2919355 and the Hyper-V role installed, and a VM with a public IP address and guest OS Windows Server 2008 R2 SP1.
The Hyper-V switch used by the VM is configured as follows:
PS C:\> Get-VMSwitch External | fl AllowManagementOS
AllowManagementOS : False
No VMNetworkAdapterAcl or VMNetworkAdapterExtendedAcls are configured for the VM.
2) ping <VM IP-address> -t from outside networks works.
3) ping google.com (or something pingable) -t from VM OS works.
4) I run the following command on the Hyper-V host:
Add-VMNetworkAdapterExtendedAcl -VMName test -Action Deny -Direction Outbound -Protocol "1" -Weight 11 -RemoteIPAddress 10.0.0.0/24
Both ping commands started to return "Request timed out" at once,
despite the fact that there are no hosts from the 10.0.0.0/24 subnet in the test environment.
Here is the VMNetworkAdapterExtendedAcl config:
ParentAdapter : Microsoft.HyperV.PowerShell.VMNetworkAdapter
Direction : Outbound
Action : Deny
LocalIPAddress : ANY
RemoteIPAddress : 10.0.0.0/24
LocalPort : ANY
RemotePort : ANY
Protocol : 1
Weight : 11
Stateful : False
IdleSessionTimeout : 0
IsolationID : 0
ToRemove : False
5) Running Get-VMNetworkAdapterExtendedAcl -VMName test | Remove-VMNetworkAdapterExtendedAcl restores ping replies.
I guess I can use any valid IPv4 network address instead of 10.0.0.0/24 and I will get the same result (I've already tried 123.0.0.0/8 and so on).
Using a single IP address instead of a subnet works without any problem.
So, is that a bug?
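
For comparison with the behaviour reported above, this added example (not part of the original post, and not Hyper-V's own matching logic) evaluates a RemoteIPAddress value against destination addresses using ordinary IPv4 CIDR matching. The function name Test-RemoteAddressMatch is hypothetical and the destination addresses are constructed for illustration.

```powershell
# Added example: expected IPv4 matching for an ACL's RemoteIPAddress value.
# Pure address arithmetic; no Hyper-V cmdlets are called.
function Test-RemoteAddressMatch {
    param(
        [Parameter(Mandatory)][string]$RuleRemoteIPAddress,  # 'ANY', one IPv4 address, or IPv4 CIDR
        [Parameter(Mandatory)][string]$RemoteAddress         # address the packet is going to
    )
    if ($RuleRemoteIPAddress -eq 'ANY') { return $true }

    # A bare address is treated as a /32.
    $network, $prefixText = $RuleRemoteIPAddress -split '/', 2
    $prefix = if ($null -ne $prefixText) { [int]$prefixText } else { 32 }
    if ($prefix -lt 0 -or $prefix -gt 32) { throw "Invalid prefix length in '$RuleRemoteIPAddress'" }

    $net  = [System.Net.IPAddress]::Parse($network).GetAddressBytes()
    $addr = [System.Net.IPAddress]::Parse($RemoteAddress).GetAddressBytes()
    if ($net.Length -ne 4 -or $addr.Length -ne 4) { throw 'This example handles IPv4 only.' }

    # Compare whole bytes covered by the prefix, then the leftover high bits of the next byte.
    $fullBytes = $prefix -shr 3
    $restBits  = $prefix -band 7
    for ($i = 0; $i -lt $fullBytes; $i++) {
        if ($net[$i] -ne $addr[$i]) { return $false }
    }
    if ($restBits -gt 0) {
        $mask = (0xFF -shl (8 - $restBits)) -band 0xFF
        if (($net[$fullBytes] -band $mask) -ne ($addr[$fullBytes] -band $mask)) { return $false }
    }
    return $true
}

# RemoteIPAddress values taken from the post, plus ANY for comparison.
$ruleValues = '10.0.0.0/24', '123.0.0.0/8', 'ANY'
# Constructed destinations: one inside 10.0.0.0/24, one inside 123.0.0.0/8, one in neither.
$destinations = '10.0.0.25', '123.45.67.89', '203.0.113.10'

foreach ($rule in $ruleValues) {
    foreach ($dest in $destinations) {
        [pscustomobject]@{
            RemoteIPAddress = $rule
            Destination     = $dest
            ExpectedToMatch = Test-RemoteAddressMatch -RuleRemoteIPAddress $rule -RemoteAddress $dest
        }
    }
}
```

Under ordinary CIDR semantics each subnet value covers only the destination inside it, while the ANY rows cover every destination; the behaviour described in the post corresponds to the ANY rows.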