Badgerati/Fogg

When setting up NSG port rules, remove ones not present in the template

Badgerati opened this issue · 0 comments

When creating an NSG and configuring the port rules, rules are added but never removed. So if you have a template that configures 5 rules, then drops down to 4, then up to 6 but the new last 2 are different to the previous 5th, this new 5th rule will fail because a rule with that priority already exists.

It would be ideal if when the rules were dropped down to 4, the older 5th one was removed from the NSG.

This could be achieved by only inspecting rules with a priority of 4095 or less (as this is the highest priority Azure lets you set up to, and pre-configured ones by Azure are like 65,000+).
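
The clean-up proposed in this issue, sketched as an added example (not part of the original issue and not Fogg's code): it selects the rules on an NSG that sit at or below the 4095 cut-off and are no longer named in the template, so they can be removed before new rules are added. The function name `Get-StaleNsgRule`, its parameters, and the rule names and priorities in the sample data are assumptions made for illustration.

```powershell
# Added example: Get-StaleNsgRule and its parameters are hypothetical names.
function Get-StaleNsgRule {
    param (
        [Parameter(Mandatory = $true)] [AllowEmptyCollection()]
        [object[]] $ExistingRules,        # rules currently on the NSG (Name, Priority)
        [Parameter(Mandatory = $true)] [AllowEmptyCollection()]
        [object[]] $TemplateRules,        # rules the template asks for (Name, Priority)
        [int] $MaxManagedPriority = 4095  # cut-off proposed in the issue
    )

    # Names the template still wants to exist
    $wanted = @{}
    foreach ($rule in $TemplateRules) { $wanted[$rule.Name] = $true }

    foreach ($rule in $ExistingRules) {
        # Skip anything above the cut-off, such as Azure's pre-configured rules
        if ($rule.Priority -gt $MaxManagedPriority) { continue }
        # A managed rule the template no longer names is stale
        if (-not $wanted.ContainsKey($rule.Name)) { $rule }
    }
}

# Constructed sample data following the issue's scenario: the NSG still holds
# five rules from an earlier run, plus one pre-configured rule at 65000.
$existing = @(
    [pscustomobject]@{ Name = 'web-http';         Priority = 100 }
    [pscustomobject]@{ Name = 'web-https';        Priority = 101 }
    [pscustomobject]@{ Name = 'mgmt-ssh';         Priority = 102 }
    [pscustomobject]@{ Name = 'mgmt-winrm';       Priority = 103 }
    [pscustomobject]@{ Name = 'db-sql';           Priority = 104 }
    [pscustomobject]@{ Name = 'AllowVnetInBound'; Priority = 65000 }
)

# The template now has six rules; the 5th and 6th differ from the old 5th.
$template = @(
    [pscustomobject]@{ Name = 'web-http';   Priority = 100 }
    [pscustomobject]@{ Name = 'web-https';  Priority = 101 }
    [pscustomobject]@{ Name = 'mgmt-ssh';   Priority = 102 }
    [pscustomobject]@{ Name = 'mgmt-winrm'; Priority = 103 }
    [pscustomobject]@{ Name = 'app-rdp';    Priority = 104 }
    [pscustomobject]@{ Name = 'app-api';    Priority = 105 }
)

$stale = @(Get-StaleNsgRule -ExistingRules $existing -TemplateRules $template)
$stale | ForEach-Object { "remove $($_.Name) (priority $($_.Priority))" }
# Assuming the Az module: drop each stale rule with Remove-AzNetworkSecurityRuleConfig,
# then save the NSG with Set-AzNetworkSecurityGroup before adding the template's rules.
```

Beyond the priority clash described in the issue, a rule left behind after being dropped from the template keeps its port open on the NSG, so the same comparison also keeps the deployed rule set in line with what the template declares.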