gcloud beta compute org-security-policies rules create - create a Compute Engine security policy rule
gcloud beta compute org-security-policies rules create PRIORITY --action=ACTION --security-policy=SECURITY_POLICY [--description=DESCRIPTION] [--dest-ip-ranges=[DEST_IP_RANGE,...]] [--direction=DIRECTION] [--[no-]enable-logging] [--layer4-configs=[LAYER4_CONFIG,...]] [--organization=ORGANIZATION] [--src-ip-ranges=[SRC_IP_RANGE,...]] [--target-resources=[TARGET_RESOURCES,...]] [--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]] [GCLOUD_WIDE_FLAG ...]
(BETA) gcloud beta compute org-security-policies rules create is used to create organization security policy rules.
To create a rule with priority ``10" in an organization security policy with ID ``123456789", run:
$ gcloud beta compute org-security-policies rules create create 10 \ --security-policy=123456789 --action=allow \ --description=example-rule
- PRIORITY
Priority of the security policy rule to create.
- --action=ACTION
Action to take if the request matches the match condition. ACTION must be one of: allow, deny, goto_next.
- --security-policy=SECURITY_POLICY
Display name of the security policy into which the rule should be inserted.
- --description=DESCRIPTION
An optional, textual description for the rule.
- --dest-ip-ranges=[DEST_IP_RANGE,...]
Destination IP ranges to match for this rule. Can only be specified if DIRECTION is egress.
- --direction=DIRECTION
Direction of the traffic the rule is applied. The default is to apply on incoming traffic. DIRECTION must be one of: INGRESS, EGRESS.
- --[no-]enable-logging
Use this flag to enable logging of connections that allowed or denied by this rule. Use --enable-logging to enable and --no-enable-logging to disable.
- --layer4-configs=[LAYER4_CONFIG,...]
A list of destination protocols and ports to which the firewall rule will apply.
- --organization=ORGANIZATION
Organization which the organization security policy belongs to. Must be set if SECURITY_POLICY is display name.
- --src-ip-ranges=[SRC_IP_RANGE,...]
Source IP ranges to match for this rule. Can only be specified if DIRECTION is ingress.
- --target-resources=[TARGET_RESOURCES,...]
List of URLs of target resources to which the rule is applied.
- --target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]
List of target service accounts for the rule.
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
This command is currently in beta and might change without notice. This variant is also available:
$ gcloud alpha compute org-security-policies rules create