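# ====================================================
# Adds a fixed list of IP ranges to the firewall (network rule set) of one
# Azure Storage account, using the Az PowerShell module.
#
# The script signs in interactively, selects the subscription, then calls
# Add-AzStorageAccountNetworkRule once per range. It exits non-zero when the
# sign-in fails, the account cannot be read, or any range could not be added.
# ====================================================

# ====================================================
# CONFIGURATION
# ====================================================
$SubscriptionId = "33711ee7-4eb5-4de5-b8ea-13be6a2453e7"
$ResourceGroup  = "Test"
$StorageAccount = "nlslogstreaming"

# ====================================================
# LIST OF IP RANGES TO WHITELIST
# ====================================================
# NOTE(review): the origin of this list is not recorded in the script. Every
# entry grants network-level reachability to the account, so record where the
# ranges come from and re-check them when that source changes.
# NOTE(review): Azure Storage documentation states that /31 and /32 prefixes
# are not accepted as ranges (they must be entered as individual addresses),
# and IPv6 support for storage IP rules depends on the account - verify.
# Entries the service rejects are reported in the failure summary at the end.
$AllowedIPs = @(
    # IPv4
    "4.150.34.96/29", "4.150.232.16/29", "4.190.132.16/29", "4.194.228.0/29",
    "4.199.173.4/30", "4.199.173.8/31", "4.229.112.98/31", "4.229.112.100/30",
    "4.243.117.44/30", "4.243.117.48/31", "9.160.56.72/29", "9.160.60.84/30",
    "9.160.60.88/31", "9.205.48.72/29", "9.234.56.198/31", "9.234.62.160/30",
    "9.234.71.84/30", "9.234.71.128/31", "20.6.139.232/29", "20.15.135.0/29",
    "20.17.127.192/29", "20.18.4.152/29", "20.19.31.176/29", "20.26.21.232/29",
    "20.42.174.32/28", "20.111.111.26/31", "20.111.111.28/30", "20.164.154.32/29",
    "20.167.128.240/29", "20.175.6.248/29", "20.200.166.216/29", "20.203.91.88/29",
    "20.204.198.192/29", "20.207.174.80/29", "20.211.228.96/29", "20.213.198.72/29",
    "20.213.226.184/29", "20.214.133.88/29", "20.220.5.160/29", "20.226.208.184/29",
    "20.233.129.152/29", "20.241.116.184/29", "40.80.103.224/29", "40.117.27.192/29",
    "48.195.218.212/30", "48.195.218.216/31", "48.195.239.128/27", "48.196.101.64/29",
    "48.197.92.176/29", "48.198.102.192/29", "48.199.8.0/30", "48.199.8.4/31",
    "48.199.12.192/28", "48.200.91.184/29", "48.216.34.128/29", "48.219.208.72/29",
    "48.219.213.158/31", "48.219.213.176/30", "48.221.145.84/30", "48.221.145.88/31",
    "51.4.136.72/29", "51.4.143.88/30", "51.4.143.92/31", "51.56.83.90/31",
    "51.56.83.112/30", "51.142.131.240/29", "52.148.43.192/29", "52.172.85.24/29",
    "52.188.246.16/28", "57.151.222.216/29", "57.158.117.232/30", "57.158.117.236/31",
    "68.154.144.170/31", "68.154.144.172/30", "68.210.175.8/29", "68.210.183.124/30",
    "68.210.183.176/31", "68.211.15.160/29", "68.219.174.64/28", "68.219.193.80/28",
    "70.153.166.216/29", "72.155.53.168/30", "72.155.53.172/31", "74.7.56.200/29",
    "74.7.60.198/31", "74.7.60.200/30", "74.7.193.48/29", "74.162.131.38/31",
    "74.162.131.40/30", "74.163.219.206/31", "74.163.219.216/30", "74.242.4.80/29",
    "74.249.142.200/29", "85.211.79.128/29", "104.208.170.56/29", "104.208.180.140/30",
    "134.138.83.8/29", "135.13.132.204/30", "135.13.132.208/31", "135.149.122.216/30",
    "135.149.122.220/31", "135.149.132.46/31", "135.149.132.56/30", "135.171.137.92/30",
    "135.171.138.48/28", "145.191.2.72/30", "145.191.2.76/31", "168.61.240.128/29",
    "172.165.73.64/29", "172.165.73.72/30", "172.172.252.120/29", "172.172.255.128/29",
    "172.175.125.64/29", "172.186.55.236/30", "172.186.55.240/31", "172.187.71.68/30",
    "172.191.219.40/29", "172.194.82.248/29", "172.198.98.184/29", "172.204.167.112/29",
    "172.204.242.56/30", "172.204.242.60/31", "172.209.80.174/31", "172.209.80.176/30",
    "172.209.192.254/31", "172.209.193.0/30",
    # IPv6
    "2603:1010:207:1::b0/124", "2603:1010:404:5::5e0/124", "2603:1010:502:2::670/124",
    "2603:1020:104:3::370/124", "2603:1020:605:6::190/124", "2603:1020:905:5::6c0/124",
    "2603:1020:b04:5::5f0/124", "2603:1020:1502:2::640/124", "2603:1020:1602:2::640/124",
    "2603:1030:902:2::660/124", "2603:1030:1102:2::5e0/124", "2603:1030:1202:2::640/124",
    "2603:1030:1302:2::640/124", "2603:1030:1402:3::180/124", "2603:1030:1502:3::100/124",
    "2603:1030:1602:3::3a0/124", "2603:1030:1702:3::580/124", "2603:1040:806:6::c0/124",
    "2603:1040:c06:6::4c0/124", "2603:1040:1503:6::a0/124", "2603:1040:1602:2::550/124",
    "2603:1040:1702:2::640/124", "2603:1040:1802:2::350/124", "2603:1040:1904:2::4b0/124",
    "2603:1040:1a02:3::420/124", "2603:1040:1b02:3::600/124", "2603:1050:301:2::5e0/124"
    # Last element: no trailing comma, PowerShell array literals do not allow one.
)

# ====================================================
# CONNECT & UPDATE FIREWALL
# ====================================================
# A missing Az module also lands in this catch (the cmdlet is not found), so
# the underlying message is included instead of blaming credentials only.
try {
    Connect-AzAccount -ErrorAction Stop
    Set-AzContext -Subscription $SubscriptionId -ErrorAction Stop
}
catch {
    Write-Error "Could not connect to Azure. Please check your credentials. Details: $($_.Exception.Message)"
    # Non-zero so that a calling pipeline or scheduler sees the failure.
    exit 1
}

# Read the current rule set before changing anything. This fails fast when the
# resource group or account name is wrong, and it exposes DefaultAction: IP
# rules only restrict traffic when the default action is Deny.
try {
    $ruleSet = Get-AzStorageAccountNetworkRuleSet `
        -ResourceGroupName $ResourceGroup `
        -Name $StorageAccount `
        -ErrorAction Stop
}
catch {
    Write-Error "Could not read the network rule set of $StorageAccount. Details: $($_.Exception.Message)"
    exit 1
}

$defaultActionIsDeny = ("$($ruleSet.DefaultAction)" -eq 'Deny')

Write-Host "`nStarting IP Whitelisting for $StorageAccount..." -ForegroundColor Cyan

$addedCount   = 0
$skippedCount = 0
$failedRanges = @()

foreach ($ip in $AllowedIPs) {
    # -ErrorAction Stop turns every failure into a terminating error so the
    # catch below can tell "rule already present" apart from a real rejection.
    try {
        Write-Host "Processing $ip..." -NoNewline

        Add-AzStorageAccountNetworkRule `
            -ResourceGroupName $ResourceGroup `
            -Name $StorageAccount `
            -IPAddressOrRange $ip `
            -ErrorAction Stop | Out-Null

        Write-Host " [Added]" -ForegroundColor Green
        $addedCount++
    }
    catch {
        if ($_.Exception.Message -like "*already exists*") {
            Write-Host " [Skipping - Exists]" -ForegroundColor Yellow
            $skippedCount++
        }
        else {
            Write-Host " [Error: $($_.Exception.Message)]" -ForegroundColor Red
            # Remember the range so the summary does not claim success.
            $failedRanges += $ip
        }
    }
}

Write-Host "`nAdded: $addedCount  Skipped: $skippedCount  Failed: $($failedRanges.Count)"

if (-not $defaultActionIsDeny) {
    # The script deliberately does not flip DefaultAction itself: doing so can
    # cut off existing clients. It only reports that the rules are not enforced.
    Write-Warning "DefaultAction on $StorageAccount is '$($ruleSet.DefaultAction)', not 'Deny'. The IP rules above do not restrict access until the default action is Deny."
}

if ($failedRanges.Count -eq 0) {
    Write-Host "`n✔ All IPs processed successfully!" -ForegroundColor Green
}
else {
    Write-Host "`nThe following ranges were NOT added:" -ForegroundColor Red
    foreach ($range in $failedRanges) {
        Write-Host "  $range" -ForegroundColor Red
    }
    exit 1
}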