Back to the start
Is there a specific reason to use ESXCLI command instead of the API?
Please check the HostFirewallSystem
In general it is better to use the API and use esxcli only if something is not available via the API.
If you want to continue with esxcli
$DstEsxCli.network.firewall.ruleset.set($true, $false, $CurrentSetting)
$esxcli.network.firewall.ruleset.set($allowedall,$enabled,$rulesetid)
.PARAMETER allowedall
Set to true to allowed all ip, set to false to use allowed ip list.
.PARAMETER enabled
Set to true to enable ruleset, set to false to disable it.
.PARAMETER rulesetid
The label of the ruleset.
[System.Nullable[boolean]]$allowedall,
[System.Nullable[boolean]]$enabled,
[string]$rulesetid,
$DstEsxCli.network.firewall.ruleset.allowedip.remove("$DIP", "$CurrentSetting")
$esxcli.network.firewall.ruleset.allowedip.remove($ipaddress,$rulesetid)
.PARAMETER ipaddress
Allowed ip address/range for the ruleset.
.PARAMETER rulesetid
The label of the ruleset.
[string]$ipaddress,
[string]$rulesetid,
$DstEsxCli.network.firewall.ruleset.allowedip.add("$SIP", "$CurrentSetting")
$esxcli.network.firewall.ruleset.allowedip.add($ipaddress,$rulesetid)
.PARAMETER ipaddress
Allowed ip address/range for the ruleset.
.PARAMETER rulesetid
The label of the ruleset.
[string]$ipaddress,
[string]$rulesetid,
All parameters above have been extracted from get-esxli on steroids and these functions have been generated from information directly obtained from get-esxcli for all namespaces.
The key point is that none of these functions require as a parameter an object of type:
TypeName: "Selected.VMware.VimAutomation.ViCore.Impl.V1.EsxCli.EsxCliObjectImpl"
So you don't need to convert back to a "Selected.VMware.VimAutomation.ViCore.Impl.V1.EsxCli.EsxCliObjectImpl" consequently the title of this topic is not relevant anymore.
And by the way this type of object will be returned for ANY get-esxcli command.
If you need to split your initial csv table in many lines (One for each IP) you can use
$MyTable = Import-csv "YourPath\firewall.csv" -Delimiter `t
$NewTable = $MyTable | foreach-object{
$MyRow = $_
($_.ALLowedIPAddresses -replace'[{}]','').split(",") | foreach-object{
$Output = New-Object -Type PSObject -Prop ([ordered]@{
'RuleSet'= $MyRow.RuleSet
'ALLowedIPAddresses' = $_
'Enabled' = $MyRow.Enabled
})
Return $Output
}
}
$NewTable
The result is:
PowerCLI C:\> $NewTable
RuleSet ALLowedIPAddresses Enabled
------- ------------------ -------
activeDirectoryAll AA.BB.28.1 TRUE
activeDirectoryAll AA.BB.28.2 TRUE
activeDirectoryAll AA.BB.124.1 TRUE
activeDirectoryAll AA.BB.124.2 TRUE
CIMHttpServer AA.BB.134.77 TRUE
CIMHttpsServer AA.BB.134.77 TRUE
CIMSLP AA.BB.21.128/26 TRUE
cmmds All FALSE
****
Fot the import i have used tab as a delimiter. (Tab was used in the example you have provided)
-replace'[{}]','
is used to remove the characters{}
.split(",")
As discussed earlier
If and only if "activeDirectoryAll" is the ruleset ID (I am not able to test) then you should be in position to do for example:
$NewTable | foreach-object {
$DstEsxCli.network.firewall.ruleset.allowedip.add($_.ALLowedIPAddresses, "$_.RuleSet")
}
Or if you just want an object with an array in "AllowedIPAddresses"
$NewTable = $MyTable | foreach-object{
$Output = New-Object -Type PSObject -Prop ([ordered]@{
'RuleSet'= $_.RuleSet
'ALLowedIPAddresses' = ($_.ALLowedIPAddresses -replace'[{}]','').split(",")
'Enabled' = $_.Enabled
})
Return $Output
}
$NewTable
$NewTable and $MyTable will look the same...
But
$MyTable.allowedIPAddresses
$NewTable.allowedIPAddresses
Will show that you have now an array within ALLowedIPAddresses and not a long string.