NAME

gcloud alpha compute routers nats rules create - add a Rule to a Compute Engine NAT

SYNOPSIS

gcloud alpha compute routers nats rules create RULE_NUMBER --match=MATCH --nat=NAT --router=ROUTER [--async] [--region=REGION] [--source-nat-active-ips=IP_ADDRESS,[IP_ADDRESS,...]] [--source-nat-active-ranges=SUBNETWORK,[SUBNETWORK,...]] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION

(ALPHA) gcloud alpha compute routers nats rules create is used to create a Rule on a Compute Engine NAT.

EXAMPLES

Create a rule to use the IP Address address-1 to talk to destination IPs in the CIDR Range "203.0.113.0/24".

$ gcloud alpha compute routers nats rules create 1 --nat=my-nat \ --router=my-router --region=us-central1 \ --match='inIpRange(destination.ip, "203.0.113.0/24")' \ --source-nat-active-ips=a1

POSITIONAL ARGUMENTS

RULE_NUMBER

Number that uniquely identifies the Rule to create

REQUIRED FLAGS

--match=MATCH

CEL Expression used to identify traffic to which this rule applies.

Supported attributes (Public NAT): destination.ip

Supported attributes (Private NAT): nexthop.hub

Supported methods (Public Nat): inIpRange

Supported operators (Public NAT): ||, ==

Supported operators (Private NAT): ==

Examples of allowed Match expressions (Public NAT):

'inIpRange(destination.ip, "203.0.113.0/24")''

'destination.ip == "203.0.113.7"'

'destination.ip == "203.0.113.7" || inIpRange(destination.ip, "203.0.113.16/25")'

Example of allowed Match expression (Private NAT):

nexthop.hub == "//networkconnectivity.googleapis.com/projects/p1/locations/global/hubs/h1"

--nat=NAT

Name of the NAT that contains the Rule

--router=ROUTER

The Router to use for NAT.

OPTIONAL FLAGS

--async

Return immediately, without waiting for the operation in progress to complete.

--region=REGION

Region of the NAT to create. If not specified, you might be prompted to select a region (interactive mode only).

To avoid prompting when this flag is omitted, you can set the compute/region property:

$ gcloud config set compute/region REGION

A list of regions can be fetched by running:

$ gcloud compute regions list

To unset the property, run:

$ gcloud config unset compute/region

Alternatively, the region can be stored in the environment variable CLOUDSDK_COMPUTE_REGION.

--source-nat-active-ips=IP_ADDRESS,[IP_ADDRESS,...]

External IP Addresses to use for connections matching this rule.

These must be valid reserved external IPs in the same region.

--source-nat-active-ranges=SUBNETWORK,[SUBNETWORK,...]

Subnetworks from which addresses are used for connections matching this rule. This is only supported for Private NAT, and is required when creating a Private NAT gateway..

These must be Subnetwork resources in the same region, with purpose set to PRIVATE_NAT.

GCLOUD WIDE FLAGS

These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES

This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist. These variants are also available:

$ gcloud compute routers nats rules create

$ gcloud beta compute routers nats rules create