gcloud_alpha_compute_security-policies_rules

gcloud_alpha_compute_security-policies_rules_create (1)

NAME

: gcloud alpha compute security-policies rules create - create a Google Compute Engine security policy rule

SYNOPSIS

gcloud alpha compute security-policies rules create PRIORITY --action=ACTION (--expression=EXPRESSION | --src-ip-ranges=[SRC_IP_RANGE,...]) [--description=DESCRIPTION] [--preview] [--security-policy=SECURITY_POLICY] [GCLOUD_WIDE_FLAG ...]

DESCRIPTION

(ALPHA) gcloud alpha compute security-policies rules create is used

to create security policy rules.
For example to create a rule at priority 1000 to block the IP range 1.2.3.0/24, run:

: $ gcloud alpha compute security-policies rules create 1000 \
    --action deny-403 \
    --security-policy my-policy \
    --description "block 1.2.3.0/24" \
    --src-ip-ranges 1.2.3.0/24

POSITIONAL ARGUMENTS

PRIORITY: The priority of the rule to add. Rules are evaluated in order from highest priority to lowest priority where 0 is the highest priority and 2147483647 is the lowest priority.

REQUIRED FLAGS

--action=ACTION

The action to take if the request matches the match condition. ACTION must be one of: allow, deny-403, deny-404, deny-502.

Security policy rule matcher. Exactly one of these must be specified:

--expression=EXPRESSION: The Cloud Armor rules language expression to match for this rule.
--src-ip-ranges=[SRC_IP_RANGE,...]: The source IPs/IP ranges to match for this rule. To match all IPs specify *.

OPTIONAL FLAGS

--description=DESCRIPTION: An optional, textual description for the rule.
--preview: If specified, the action will not be enforced.
--security-policy=SECURITY_POLICY: The security policy that this rule belongs to.

GCLOUD WIDE FLAGS

These flags are available to all commands: --account, --configuration, --flags-file, --flatten, --format, --help, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. Run $ gcloud help for details.

NOTES

This command is currently in ALPHA and may change without notice. If this command fails with API permission errors despite specifying the right project, you will have to apply for early access and have your projects registered on the API whitelist to use it. To do so, contact Support at cloud.google.com/support These variants are also available:

: $ gcloud compute security-policies rules create $ gcloud beta compute security-policies rules create

gcloud_alpha_compute_security-policies_rules_create • man page

gcloud_alpha_compute_security-policies_rules_create • man page