#PowerNSX example script | |
#Nick Bradford | |
#nbradford@vmware.com | |
<# | |
Copyright © 2015 VMware, Inc. All Rights Reserved. | |
This program is free software: you can redistribute it and/or modify it under | |
the terms of the GNU General Public License version 2, as published by the Free Software Foundation. | |
This program is distributed in the hope that it will be useful, but WITHOUT ANY | |
WARRANTY; without even the implied warranty of MERCHANTIBILITY or FITNESS | |
FOR A PARTICULAR PURPOSE. See the GNU General Public License version 2 for more details. | |
You should have received a copy of the General Public License version 2 along with this program. | |
If not, see https://www.gnu.org/licenses/gpl-2.0.html. | |
The full text of the General Public License 2.0 is provided in the COPYING file. | |
Some files may be comprised of various open source software components, each of which | |
has its own license that is located in the source code of the respective component. | |
#> | |
<#
This is a SAMPLE script that enables logging on all firewall rules in the NSX DFW.
It is intended to be an example of how to perform a certain action and may not be suitable
for all purposes. Please read and understand its action and modify as appropriate, or ensure
its suitability for a given situation before blindly running it.
Testing is limited to a lab environment. Please test accordingly.
#>
#Requires -Version 3.0 | |
#Requires -Module PowerNSX | |
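# Abort early when no default PowerNSX connection object is present.
if ( -not $DefaultNsxConnection ) {
    throw "Please connect to to NSX first"
}

# Scope note: only the layer3sections endpoint is used below, and every section
# whose name matches 'Default Section Layer3' is skipped, so rules in that
# section keep whatever logging state they already have.
$sections = Get-NsxFirewallSection | Where-Object { $_.name -notmatch 'Default Section Layer3' }

foreach ( $section in $sections ) {
    $sectionUri = "/api/4.0/firewall/globalroot-0/config/layer3sections/$($section.id)"

    # Read the current section definition; its ETag is reused for the write below.
    $req = Invoke-NsxWebRequest -URI $sectionUri -method get
    $content = [xml]$req.Content

    # Turn logging on for every rule in the section (in-memory XML only at this point).
    foreach ( $rule in $content.section.rule ) {
        $rule.logged = "true"
    }

    # Send the ETag from the GET back as If-Match so the PUT is conditional on
    # the section not having changed since it was read (standard If-Match semantics).
    $AdditionalHeaders = @{ "If-Match" = $req.Headers.ETag }
    $response = Invoke-NsxWebRequest -URI $sectionUri -method put -extraheader $AdditionalHeaders -body $content.section.outerxml

    # The original test was `-not $response.StatusCode -eq 200`. Unary -not binds
    # tighter than -eq, so that compared a boolean with 200 and was never true:
    # a failed PUT would have been reported as success. Compare the code directly.
    if ( $response.StatusCode -ne 200 ) {
        throw "Failed putting section $($section.name) ($($section.id)).  $($response.StatusCode) : $($response.StatusDescription)"
    }

    Write-Host "Enabled logging on all rules in Section $($section.name) ($($section.id))"
}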