mirror of
https://github.com/imjasonh/gcloud-help
synced 2026-07-18 06:47:12 +00:00
gcloud: Wed Nov 15 11:42:54 UTC 2023
This commit is contained in:
parent
03f0979970
commit
d3074f94bb
224 changed files with 6432 additions and 626 deletions
141
gcloud/vmware/network-policies/external-access-rules/create
Normal file
141
gcloud/vmware/network-policies/external-access-rules/create
Normal file
|
|
@ -0,0 +1,141 @@
|
|||
NAME
|
||||
gcloud vmware network-policies external-access-rules create - create a
|
||||
VMware Engine external access firewall rule
|
||||
|
||||
SYNOPSIS
|
||||
gcloud vmware network-policies external-access-rules create
|
||||
(EXTERNAL_ACCESS_RULE
|
||||
: --location=LOCATION --network-policy=NETWORK_POLICY)
|
||||
--destination-ranges=DESTINATION_IP_RANGES,[...]
|
||||
--ip-protocol=IP_PROTOCOL --priority=PRIORITY
|
||||
--source-ranges=SOURCE_IP_RANGES,[...]
|
||||
[--action=ACTION; default="ALLOW"] [--async]
|
||||
[--description=DESCRIPTION]
|
||||
[--destination-ports=DESTINATION_PORTS,[...]]
|
||||
[--source-ports=SOURCE_PORTS,[...]] [GCLOUD_WIDE_FLAG ...]
|
||||
|
||||
DESCRIPTION
|
||||
Create a VMware Engine external access firewall rule. Check the progress of
|
||||
a VMware Engine external access firewall rule creation using gcloud vmware
|
||||
network-policies external-access-rules list.
|
||||
|
||||
EXAMPLES
|
||||
To create an external access firewall rule called my-external-access-rule
|
||||
associated with the network policy my-network-policy in the us-west2
|
||||
region, run:
|
||||
|
||||
$ gcloud vmware network-policies external-access-rules create \
|
||||
my-external-access-rule --network-policy=my-network-policy \
|
||||
--priority=1000 --ip-protocol=TCP \
|
||||
--source-ranges=34.148.30.114/32 \
|
||||
--destination-ranges=projects/sample-project/locations/\
|
||||
us-west2-a/privateClouds/my-private-cloud/externalAddresses/\
|
||||
my-external-address --source-ports=22,10000-11000 \
|
||||
--destination-ports=22 --action=ALLOW --location=us-west2 \
|
||||
--project=sample-project
|
||||
|
||||
Or:
|
||||
|
||||
$ gcloud vmware network-policies external-access-rules create \
|
||||
my-external-access-rule --network-policy=my-network-policy \
|
||||
--priority=1000 --ip-protocol=TCP \
|
||||
--source-ranges=34.148.30.114/32 \
|
||||
--destination-ranges=projects/sample-project/locations/\
|
||||
us-west2-a/privateClouds/my-private-cloud/externalAddresses/\
|
||||
my-external-address --source-ports=22,10000-11000 \
|
||||
--destination-ports=22
|
||||
|
||||
In the second example, the project and the location are taken from gcloud
|
||||
properties core/project and compute/region respectively. The --action field
|
||||
also isn't specified, so its value defaults to ALLOW.
|
||||
|
||||
POSITIONAL ARGUMENTS
|
||||
VMware Engine External Access Rule resource - external_access_rule. The
|
||||
arguments in this group can be used to specify the attributes of this
|
||||
resource. (NOTE) Some attributes are not given arguments in this group but
|
||||
can be set in other ways.
|
||||
|
||||
To set the project attribute:
|
||||
◆ provide the argument external_access_rule on the command line with a
|
||||
fully specified name;
|
||||
◆ set the property core/project;
|
||||
◆ provide the argument --project on the command line.
|
||||
|
||||
This must be specified.
|
||||
|
||||
EXTERNAL_ACCESS_RULE
|
||||
ID of the VMware Engine External Access Rule or fully qualified
|
||||
identifier for the VMware Engine External Access Rule.
|
||||
|
||||
To set the external-access-rule attribute:
|
||||
▸ provide the argument external_access_rule on the command line.
|
||||
|
||||
This positional argument must be specified if any of the other
|
||||
arguments in this group are specified.
|
||||
|
||||
--location=LOCATION
|
||||
The resource name of the location.
|
||||
|
||||
To set the location attribute:
|
||||
▸ provide the argument external_access_rule on the command line
|
||||
with a fully specified name;
|
||||
▸ provide the argument --location on the command line;
|
||||
▸ set the property compute/region.
|
||||
|
||||
--network-policy=NETWORK_POLICY
|
||||
VMware Engine network policy
|
||||
|
||||
To set the network-policy attribute:
|
||||
▸ provide the argument external_access_rule on the command line
|
||||
with a fully specified name;
|
||||
▸ provide the argument --network-policy on the command line.
|
||||
|
||||
REQUIRED FLAGS
|
||||
--destination-ranges=DESTINATION_IP_RANGES,[...]
|
||||
A list of destination IP addresses that the rule applies to. Each entry
|
||||
in the list can be an ExternalAddress resource name or 0.0.0.0/0. When
|
||||
the value is set to 0.0.0.0/0, all IP addresses are allowed.
|
||||
|
||||
--ip-protocol=IP_PROTOCOL
|
||||
Internet protocol covered by the rule. Valid values are TCP, UDP, and
|
||||
ICMP. IP_PROTOCOL must be one of: TCP, UDP, ICMP.
|
||||
|
||||
--priority=PRIORITY
|
||||
Priority of this external access rule. Valid values are numbers between
|
||||
100 and 4096, with 100 being the highest priority. Firewall rules are
|
||||
processed from highest to lowest priority.
|
||||
|
||||
--source-ranges=SOURCE_IP_RANGES,[...]
|
||||
A list of source IP addresses that the rule applies to. Each entry in
|
||||
the list can be a CIDR notation or a single IP address. When the value
|
||||
is set to 0.0.0.0/0, all IP addresses are allowed.
|
||||
|
||||
OPTIONAL FLAGS
|
||||
--action=ACTION; default="ALLOW"
|
||||
Whether the firewall rule allows or denies traffic based on a
|
||||
successful rule match. By default, the action is ALLOW. ACTION must be
|
||||
one of: ALLOW, DENY.
|
||||
|
||||
--async
|
||||
Return immediately, without waiting for the operation in progress to
|
||||
complete. The default is True. Enabled by default, use --no-async to
|
||||
disable.
|
||||
|
||||
--description=DESCRIPTION
|
||||
User-provided description of the external access rule.
|
||||
|
||||
--destination-ports=DESTINATION_PORTS,[...]
|
||||
List of allowed destination ports. Each entry must be either an integer
|
||||
or a range.
|
||||
|
||||
--source-ports=SOURCE_PORTS,[...]
|
||||
List of allowed source ports. Each entry must be either an integer or a
|
||||
range.
|
||||
|
||||
GCLOUD WIDE FLAGS
|
||||
These flags are available to all commands: --access-token-file, --account,
|
||||
--billing-project, --configuration, --flags-file, --flatten, --format,
|
||||
--help, --impersonate-service-account, --log-http, --project, --quiet,
|
||||
--trace-token, --user-output-enabled, --verbosity.
|
||||
|
||||
Run $ gcloud help for details.
|
||||
Loading…
Add table
Add a link
Reference in a new issue