gcloud_compute_security-policies_rules_create (1)
NAME
- gcloud compute security-policies rules create - create a Google Compute Engine security policy rule
SYNOPSIS
-
gcloud compute security-policies rules create PRIORITY --action=ACTION (--expression=EXPRESSION | --src-ip-ranges=[SRC_IP_RANGE,...]) [--description=DESCRIPTION] [--preview] [--security-policy=SECURITY_POLICY] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
gcloud compute security-policies rules create is used to create security
For example to create a rule at priority 1000 to block the IP range 1.2.3.0/24, run:
-
$ gcloud compute security-policies rules create 1000 \
--action deny-403 \
--security-policy my-policy \
--description "block 1.2.3.0/24" \
--src-ip-ranges 1.2.3.0/24
POSITIONAL ARGUMENTS
-
- PRIORITY
-
The priority of the rule to add. Rules are evaluated in order from highest
priority to lowest priority where 0 is the highest priority and 2147483647 is
the lowest priority.
REQUIRED FLAGS
-
- --action=ACTION
-
The action to take if the request matches the match condition. ACTION must
be one of: allow, deny-403, deny-404, deny-502.
-
Security policy rule matcher. Exactly one of these must be specified:
-
- --expression=EXPRESSION
-
The Cloud Armor rules language expression to match for this rule.
- --src-ip-ranges=[SRC_IP_RANGE,...]
-
The source IPs/IP ranges to match for this rule. To match all IPs specify *.
-
OPTIONAL FLAGS
-
- --description=DESCRIPTION
-
An optional, textual description for the rule.
- --preview
-
If specified, the action will not be enforced.
- --security-policy=SECURITY_POLICY
-
The security policy that this rule belongs to.
GCLOUD WIDE FLAGS
These flags are available to all commands: --account, --configuration, --flags-file, --flatten, --format, --help, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity. Run $ gcloud help for details.
NOTES
These variants are also available:
- $ gcloud alpha compute security-policies rules create $ gcloud beta compute security-policies rules create