functions/azure/loadbalancer/Remove-LBInboundNatRule.ps1
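function Remove-LBInboundNatRule {
    <#
    .SYNOPSIS
    Removes a specified inbound NAT rule from both a Load Balancer and a VM's network interface configuration.

    .DESCRIPTION
    This function removes an inbound NAT rule from the specified Azure Load Balancer and detaches the rule
    from the IP configuration of a given virtual machine's network interface. This is useful for cleaning up
    RDP or SSH access rules that are no longer needed.

    Lookups and updates run with -ErrorAction Stop, so a failed Azure call terminates the function instead of
    being reported as "rule not found" or "rule removed". A rule that is genuinely absent is still only a
    warning. Callers that use this to close management access should treat both warnings and errors as
    "exposure not confirmed closed" and verify the Load Balancer afterwards.

    .PARAMETER ResourceGroup
    The name of the resource group that contains the Azure Load Balancer.

    .PARAMETER LoadBalancerName
    The name of the Azure Load Balancer from which the NAT rule should be removed.

    .PARAMETER NatRuleName
    The name of the inbound NAT rule to be removed.

    .PARAMETER VMResourceGroup
    The resource group of the virtual machine associated with the NAT rule.

    .PARAMETER VMName
    The name of the virtual machine associated with the NAT rule.

    .PARAMETER NicIpConfigName
    The name of the IP configuration on the VM's network interface.

    .EXAMPLE
    Remove-LBInboundNatRule -ResourceGroup "my-rg" -LoadBalancerName "my-lb" -NatRuleName "RDP-Rule" `
        -VMResourceGroup "my-vm-rg" -VMName "vm01" -NicIpConfigName "ipconfig1"

    Removes the "RDP-Rule" NAT rule from the load balancer and disassociates it from the VM "vm01".

    .OUTPUTS
    None

    .NOTES
    Author: Jascha Vincke
    Date: 2025-06-14

    Only the first network interface listed in the VM's network profile is inspected.
    Supports -WhatIf and -Confirm for both update steps.
    #>
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [string]$ResourceGroup,

        [Parameter(Mandatory)]
        [string]$LoadBalancerName,

        [Parameter(Mandatory)]
        [string]$NatRuleName,

        [Parameter(Mandatory)]
        [string]$VMResourceGroup,

        [Parameter(Mandatory)]
        [string]$VMName,

        [Parameter(Mandatory)]
        [string]$NicIpConfigName
    )

    # Stop on lookup failures: continuing with $null objects would end in a misleading
    # "does not exist" warning while the rule (and the port it exposes) is still in place.
    $lb = Get-AzLoadBalancer -ResourceGroupName $ResourceGroup -Name $LoadBalancerName -ErrorAction Stop
    $vm = Get-AzVM -ResourceGroupName $VMResourceGroup -Name $VMName -ErrorAction Stop

    $nicRef = @($vm.NetworkProfile.NetworkInterfaces)[0]
    if (-not $nicRef) {
        throw "VM '$VMName' has no network interface in its network profile."
    }

    # NIC resource ID layout:
    # /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Network/networkInterfaces/<name>
    $nicIdParts = $nicRef.Id -split '/'
    $nicRG = $nicIdParts[4]
    $nicName = $nicIdParts[8]

    $nic = Get-AzNetworkInterface -ResourceGroupName $nicRG -Name $nicName -ErrorAction Stop
    $ipConfig = $nic.IpConfigurations |
        Where-Object { $_.Name -eq $NicIpConfigName } |
        Select-Object -First 1

    # NOTE(review): rule references read back from a NIC may carry only an Id and no Name;
    # confirm against the Az.Network version in use. Matching on the full rule Id under this
    # Load Balancer covers that case, and the Name comparison keeps the previous behaviour.
    $expectedRuleId = "$($lb.Id)/inboundNatRules/$NatRuleName"

    if (-not $ipConfig) {
        Write-Warning "IP configuration '$NicIpConfigName' was not found on network interface '$nicName'."
    }
    elseif (-not $ipConfig.LoadBalancerInboundNatRules) {
        Write-Warning "No NAT rules assigned to NIC IP configuration."
    }
    else {
        $assignedRules = @(
            $ipConfig.LoadBalancerInboundNatRules |
                Where-Object { $_.Name -eq $NatRuleName -or $_.Id -eq $expectedRuleId }
        )

        if ($assignedRules.Count -gt 0) {
            if ($PSCmdlet.ShouldProcess("$nicName/$NicIpConfigName", "Detach inbound NAT rule '$NatRuleName'")) {
                # Remove in place so the property keeps its collection type even when the last rule goes.
                foreach ($assignedRule in $assignedRules) {
                    $null = $ipConfig.LoadBalancerInboundNatRules.Remove($assignedRule)
                }

                # Output is discarded to honour the documented ".OUTPUTS None"; -ErrorAction Stop keeps
                # the success message from being written when the update was rejected.
                $null = Set-AzNetworkInterface -NetworkInterface $nic -ErrorAction Stop
                Write-Information "NAT rule '$NatRuleName' removed from NIC IP configuration."
            }
        }
        else {
            Write-Warning "NAT rule '$NatRuleName' was not assigned to the NIC IP configuration."
        }
    }

    $rulesToRemove = @($lb.InboundNatRules | Where-Object { $_.Name -eq $NatRuleName })

    if ($rulesToRemove.Count -gt 0) {
        if ($PSCmdlet.ShouldProcess($LoadBalancerName, "Remove inbound NAT rule '$NatRuleName'")) {
            foreach ($rule in $rulesToRemove) {
                # Remove() returns a Boolean that would otherwise leak into the pipeline.
                $null = $lb.InboundNatRules.Remove($rule)
            }

            $null = Set-AzLoadBalancer -LoadBalancer $lb -ErrorAction Stop
            Write-Information "NAT rule '$NatRuleName' removed from Load Balancer."
        }
    }
    else {
        Write-Warning "NAT rule '$NatRuleName' does not exist in the Load Balancer."
    }
}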