如何限制Subnet1的入站互联网流量,并允许同一vnet的Subnet2的流量?并启用Subnet2的入站互联网流量。
如何在Azure中执行此操作?
+-----------------------------------+
| +-------------+ VNET |
| | +------+ |
| | SUBNET2 | | |
+---access ---->----+ | | |
| | | access |
| +-------------+ | |
Internet | +------------++ |
| | | |
| | SUBNET1 | |
+--X no access X------------X | |
| | | |
| +-------------+ |
+-----------------------------------+
如果没有NSG连接到VM NIC。您可以在SUBNET1 nsg:中添加两个入站安全规则
Priority Name Port Protocol Source Destination Action
101 allowSubnet2 any any Subnet1IPlists any allow
102 denyAny any any any any deny
在SUBNET2 nsg:中添加一个入站安全规则
Priority Name Port Protocol Source Destination Action
101 allowInternet any any Internet any allow