man-page

GCLOUD_BETA_COMPUTE_FIREWALL-POLICIES_RULES_UPDATE(1)
GCLOUD_BETA_COMPUTE_FIREWALL-POLICIES_RULES_UPDATE(1)

NAME

gcloud beta compute firewall-policies rules update - updates a Compute Engine firewall policy rule

gcloud beta compute firewall-policies rules update PRIORITY --firewall-policy=FIREWALL_POLICY [--action=ACTION] [--description=DESCRIPTION] [--dest-address-groups=[DEST_ADDRESS_GROUPS,...]] [--dest-fqdns=[DEST_FQDNS,...]] [--dest-ip-ranges=[DEST_IP_RANGE,...]] [--dest-region-codes=[DEST_REGION_CODES,...]] [--dest-threat-intelligence=[DEST_THREAT_INTELLIGENCE_LISTS,...]] [--direction=DIRECTION] [--[no-]disabled] [--[no-]enable-logging] [--layer4-configs=[LAYER4_CONFIG,...]] [--new-priority=NEW_PRIORITY] [--organization=ORGANIZATION] [--src-address-groups=[SOURCE_ADDRESS_GROUPS,...]] [--src-fqdns=[SOURCE_FQDNS,...]] [--src-ip-ranges=[SRC_IP_RANGE,...]] [--src-region-codes=[SOURCE_REGION_CODES,...]] [--src-threat-intelligence=[SOURCE_THREAT_INTELLIGENCE_LISTS,...]] [--target-resources=[TARGET_RESOURCES,...]] [--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION

(BETA) gcloud beta compute firewall-policies rules update is used to update organization firewall policy rules.

EXAMPLES

To update a rule with priority ``10" in an organization firewall policy with ID ``123456789" to change the action to ``allow" and description to ``new-example-rule", run:

$ gcloud beta compute firewall-policies rules update 10 \ --firewall-policy=123456789 --action=allow \ --description=new-example-rule

POSITIONAL ARGUMENTS

PRIORITY

Priority of the firewall policy rule to update.

REQUIRED FLAGS

--firewall-policy=FIREWALL_POLICY

Short name of the firewall policy into which the rule should be updated.

OPTIONAL FLAGS

--action=ACTION

Action to take if the request matches the match condition. ACTION must be one of: allow, deny, goto_next.

--description=DESCRIPTION

An optional, textual description for the rule.

--dest-address-groups=[DEST_ADDRESS_GROUPS,...]

Dest address groups to match for this rule. Can only be specified if DIRECTION is egress.

--dest-fqdns=[DEST_FQDNS,...]

Dest FQDNs to match for this rule. Can only be specified if DIRECTION is egress.

--dest-ip-ranges=[DEST_IP_RANGE,...]

Destination IP ranges to match for this rule.

--dest-region-codes=[DEST_REGION_CODES,...]

Dest Region Code to match for this rule. Can only be specified if DIRECTION is egress.

--dest-threat-intelligence=[DEST_THREAT_INTELLIGENCE_LISTS,...]

Destination Threat Intelligence lists to match for this rule. Can only be specified if DIRECTION is egress. The available lists can be found here: https://cloud.google.com/vpc/docs/firewall-policies-rule-details#threat-intelligence-fw-policy.

--direction=DIRECTION

Direction of the traffic the rule is applied. The default is to apply on incoming traffic. DIRECTION must be one of: INGRESS, EGRESS.

--[no-]disabled

Use this flag to disable the rule. Disabled rules will not affect traffic. Use --disabled to enable and --no-disabled to disable.

--[no-]enable-logging

Use this flag to enable logging of connections that allowed or denied by this rule. Use --enable-logging to enable and --no-enable-logging to disable.

--layer4-configs=[LAYER4_CONFIG,...]

A list of destination protocols and ports to which the firewall rule will apply.

--new-priority=NEW_PRIORITY

New priority for the rule to update. Valid in [0, 65535].

--organization=ORGANIZATION

Organization which the organization firewall policy belongs to. Must be set if FIREWALL_POLICY is short name.

--src-address-groups=[SOURCE_ADDRESS_GROUPS,...]

Source address groups to match for this rule. Can only be specified if DIRECTION is ingress.

--src-fqdns=[SOURCE_FQDNS,...]

Source FQDNs to match for this rule. Can only be specified if DIRECTION is ingress.

--src-ip-ranges=[SRC_IP_RANGE,...]

Source IP ranges to match for this rule.

--src-region-codes=[SOURCE_REGION_CODES,...]

Source Region Code to match for this rule. Can only be specified if DIRECTION is ingress.

--src-threat-intelligence=[SOURCE_THREAT_INTELLIGENCE_LISTS,...]

Source Threat Intelligence lists to match for this rule. Can only be specified if DIRECTION is ingress. The available lists can be found here: https://cloud.google.com/vpc/docs/firewall-policies-rule-details#threat-intelligence-fw-policy.

--target-resources=[TARGET_RESOURCES,...]

List of URLs of target resources to which the rule is applied.

--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]

List of target service accounts for the rule.

GCLOUD WIDE FLAGS

These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES

This command is currently in beta and might change without notice. These variants are also available:

$ gcloud compute firewall-policies rules update

$ gcloud alpha compute firewall-policies rules update