Infrastructure FQDNs

Azure Firewall includes a built-in rule collection for infrastructure FQDNs that are allowed by default. These FQDNs are specific to the platform and can't be used for other purposes.

The following services are included in the built-in rule collection:

  • Compute access to storage Platform Image Repository (PIR)
  • Managed disks status storage access
  • Azure Diagnostics and Logging (MDS)

Overriding

You can override this built-in infrastructure rule collection by creating a deny all application rule collection that is processed last. That application rule collection is always processed before the infrastructure rule collection. Anything not in the infrastructure rule collection is denied by default.
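One way to create such a deny all collection with Az PowerShell, as an added example that is not part of the original page. The resource group, firewall, rule and collection names are hypothetical, and priority 65000 is used on the assumption that it is the highest priority number allowed, so the collection is processed after every other application rule collection.

```powershell
# Added example: names below are hypothetical placeholders.
$rgName = 'rg-network-example'
$fwName = 'fw-hub-example'

# Load the current firewall object.
$fw = Get-AzFirewall -ResourceGroupName $rgName -Name $fwName

# One rule matching any source and any FQDN on HTTP and HTTPS.
$denyRule = New-AzFirewallApplicationRule `
    -Name 'deny-all-fqdns' `
    -SourceAddress '*' `
    -Protocol 'http:80', 'https:443' `
    -TargetFqdn '*'

# Priority 65000 places this collection last among the application rule
# collections you define, so your explicit allow rules (lower numbers)
# are still evaluated first.
$denyCollection = New-AzFirewallApplicationRuleCollection `
    -Name 'deny-all-last' `
    -Priority 65000 `
    -ActionType 'Deny' `
    -Rule $denyRule

# Attach the collection and push the updated configuration.
$fw.ApplicationRuleCollections.Add($denyCollection)
Set-AzFirewall -AzureFirewall $fw

# Check: the deny all collection should appear last in priority order.
(Get-AzFirewall -ResourceGroupName $rgName -Name $fwName).ApplicationRuleCollections |
    Sort-Object Priority |
    Select-Object Name, Priority
```

With this collection in place, the FQDNs listed for the built-in infrastructure collection are reachable only if one of your own lower-numbered collections allows them.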

Next steps