NAME
    gcloud alpha compute org-security-policies rules create - create a Compute
        Engine security policy rule

SYNOPSIS
    gcloud alpha compute org-security-policies rules create PRIORITY
        --action=ACTION --security-policy=SECURITY_POLICY
        [--description=DESCRIPTION] [--dest-ip-ranges=[DEST_IP_RANGE,...]]
        [--dest-ports=[DEST_PORTS,...]] [--direction=DIRECTION]
        [--[no-]enable-logging] [--layer4-configs=[LAYER4_CONFIG,...]]
        [--organization=ORGANIZATION] [--src-ip-ranges=[SRC_IP_RANGE,...]]
        [--target-resources=[TARGET_RESOURCES,...]]
        [--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]]
        [GCLOUD_WIDE_FLAG ...]

DESCRIPTION
    (ALPHA) gcloud alpha compute org-security-policies rules create is used to
    create organization security policy rules.

EXAMPLES
    To create a rule with priority ``10" in an organization security policy
    with ID ``123456789", run:

        $ gcloud alpha compute org-security-policies rules create create \
            10 --security-policy=123456789 --action=allow \
            --description=example-rule

POSITIONAL ARGUMENTS
     PRIORITY
        Priority of the security policy rule to create.

REQUIRED FLAGS
     --action=ACTION
        Action to take if the request matches the match condition. ACTION must
        be one of: allow, deny, goto_next.

     --security-policy=SECURITY_POLICY
        Display name of the security policy into which the rule should be
        inserted.

OPTIONAL FLAGS
     --description=DESCRIPTION
        An optional, textual description for the rule.

     --dest-ip-ranges=[DEST_IP_RANGE,...]
        Destination IP ranges to match for this rule. Can only be specified if
        DIRECTION is egress.

     --dest-ports=[DEST_PORTS,...]
        A list of destination protocols and ports to which the firewall rule
        will apply.

     --direction=DIRECTION
        Direction of the traffic the rule is applied. The default is to apply
        on incoming traffic. DIRECTION must be one of: INGRESS, EGRESS.

     --[no-]enable-logging
        Use this flag to enable logging of connections that allowed or denied
        by this rule. Use --enable-logging to enable and --no-enable-logging to
        disable.

     --layer4-configs=[LAYER4_CONFIG,...]
        A list of destination protocols and ports to which the firewall rule
        will apply.

     --organization=ORGANIZATION
        Organization which the organization security policy belongs to. Must be
        set if SECURITY_POLICY is display name.

     --src-ip-ranges=[SRC_IP_RANGE,...]
        Source IP ranges to match for this rule. Can only be specified if
        DIRECTION is ingress.

     --target-resources=[TARGET_RESOURCES,...]
        List of URLs of target resources to which the rule is applied.

     --target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]
        List of target service accounts for the rule.

GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file, --account,
    --billing-project, --configuration, --flags-file, --flatten, --format,
    --help, --impersonate-service-account, --log-http, --project, --quiet,
    --trace-token, --user-output-enabled, --verbosity.

    Run $ gcloud help for details.

NOTES
    This command is currently in alpha and might change without notice. If this
    command fails with API permission errors despite specifying the correct
    project, you might be trying to access an API with an invitation-only early
    access allowlist. This variant is also available:

        $ gcloud beta compute org-security-policies rules create

