Can be associated to a network interface (for per-host rules), a subnet in the virtual network (to apply to multiple resources), or both levels.
use rules to allow or deny traffic moving through the network.
Each rule identifies the source and destination address (or range), protocol, port (or range), direction (inbound or outbound), a numeric priority, and whether to allow or deny the traffic that matches the rule.