Configuring Port ACLs
Restricting network access between computers and networks is common practice, even in virtual environments. For instance, you may need to deny a particular IP address or virtual machine access to another virtual machine or to an entire network. In earlier versions of Hyper-V, you would have needed additional software or a network device to define these rules, which made the setup more complicated and expensive.
Since Windows 2012, Hyper-V has supported a feature called Port ACLs, which enforces policies to block or allow network traffic on a virtual machine, IP address, or network range. These policies are created via PowerShell, and administrators can use them to control network traffic sent and received through the Hyper-V virtual switch.
Port ACLs act as a network firewall: each rule defines the direction, the address, and the action to apply to matching traffic.
This recipe will demonstrate how to create and analyze Port ACLs by using Hyper-V.
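The direction, address, and action described above map directly onto the parameters of the Hyper-V `Add-VMNetworkAdapterAcl` cmdlet. The following is an added example, not code from the original recipe; the VM name and IP addresses are constructed placeholders, and it assumes an elevated PowerShell session on the Hyper-V host.

```powershell
#Requires -Modules Hyper-V

# Constructed values for this example; replace with your own.
$vmName     = 'SRV-APP01'         # hypothetical VM whose traffic is filtered
$blockedNet = '192.168.50.0/24'   # range that must not talk to the VM
$mgmtHost   = '192.168.50.10'     # one host inside that range that stays allowed

# Rule 1: deny traffic in both directions between the VM and the range.
# -RemoteIPAddress is the "address", -Direction the "direction",
# -Action the "action" of the rule.
Add-VMNetworkAdapterAcl -VMName $vmName `
    -RemoteIPAddress $blockedNet -Direction Both -Action Deny

# Rule 2: allow a single management host. A host address is more specific
# than the /24, and Port ACLs apply the most specific matching rule,
# so this exception wins over the deny rule above.
Add-VMNetworkAdapterAcl -VMName $vmName `
    -RemoteIPAddress $mgmtHost -Direction Both -Action Allow

# Analyze: list every ACL on the VM's network adapters.
# A rule added with -Direction Both is listed as one Inbound and one
# Outbound entry.
$acls = Get-VMNetworkAdapterAcl -VMName $vmName
$acls | Format-Table -AutoSize

# Sanity check: the deny must exist for both directions, otherwise the
# VM is filtered one way only.
$denyDirections = $acls |
    Where-Object { $_.Action -eq 'Deny' } |
    Select-Object -ExpandProperty Direction -Unique

foreach ($dir in 'Inbound', 'Outbound') {
    if ($denyDirections -notcontains $dir) {
        Write-Warning "No Deny rule found for $dir traffic on $vmName"
    }
}

# Rollback: remove a rule by repeating the parameters used to create it.
# Remove-VMNetworkAdapterAcl -VMName $vmName `
#     -RemoteIPAddress $blockedNet -Direction Both -Action Deny
```

Because the rules are enforced on the virtual switch port, they apply regardless of any firewall configuration inside the guest operating system.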