The code below is self-explanatory. This can also be achieved using the Hyper-V PowerShell cmdlets. Watch out for rule priority and out-of-band changes if SCVMM is in play.
```powershell
$vmName = 'vmName'
$vmSourceIp = '192.168.1.100'

# Get Virtual Network Adapter
$vmNetAdapter = Get-SCVirtualMachine -name $vmName | Get-SCVirtualNetworkAdapter

# Create Port ACL to allow traffic only from assigned IP address
$fwAcl = New-SCPortACL -Name "IP Lock - $vmName" -Description "To prevent the user changing IPs"

# Only allow traffic source IP.
New-SCPortACLrule -Name "AllowSourceIP" -Description "AllowSourceIP" -Type Outbound -Protocol ANY -Action Allow -PortACL $fwAcl -Priority 100 -SourceAddressPrefix $vmSourceIp

# Block traffic from all other source IPs
New-SCPortACLrule -Name "DenySourceIP" -Description "DenySourceIP" -Type Outbound -Protocol ANY -Action Deny -PortACL $fwAcl -Priority 200

# Assign port ACL to correct network adapter
$vmNetAdapter | Set-SCVirtualNetworkAdapter -PortACL $fwAcl

# Remediate adapter so port ACL rules applied
$vmNetAdapter | Repair-SCVirtualNetworkAdapter
```
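For the Hyper-V cmdlet route mentioned at the top, here is an added sketch (not part of the original script) of the same outbound IP lock using basic port ACLs from the Hyper-V module. It assumes it is run in an elevated session on the Hyper-V host, that the VM is not being managed through SCVMM at the same time, and it reuses the placeholder VM name and IP from the script above.

```powershell
#Requires -Modules Hyper-V

# Placeholder values, same as in the SCVMM script
$vmName     = 'vmName'
$vmSourceIp = '192.168.1.100'

# Basic Hyper-V port ACLs have no -Priority parameter. When several ACLs match,
# the most specific (longest-prefix) entry wins, so the single-address Allow
# takes precedence over the catch-all Deny regardless of the order they are added.
$rules = @(
    @{ LocalIPAddress = $vmSourceIp;  Action = 'Allow' }   # the assigned IP
    @{ LocalIPAddress = '0.0.0.0/0';  Action = 'Deny'  }   # any other IPv4 source
)

foreach ($rule in $rules) {
    # Outbound = traffic sent by the VM, so LocalIPAddress is the source address
    Add-VMNetworkAdapterAcl -VMName $vmName -Direction Outbound @rule
}

# Review what is now applied to the VM's adapter(s). Re-run this after any
# change made elsewhere to confirm the lock is still in place.
Get-VMNetworkAdapterAcl -VMName $vmName
```

To back the change out, call `Remove-VMNetworkAdapterAcl` with the same `-VMName`, `-Direction`, `-LocalIPAddress` and `-Action` values.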