1
0
Fork 0
mirror of https://github.com/imjasonh/gcloud-help synced 2026-07-15 01:15:34 +00:00
gcloud-help/gcloud/compute/network-firewall-policies/rules/update
2023-01-19 00:56:33 +00:00

122 lines
5 KiB
Text

NAME
gcloud compute network-firewall-policies rules update - updates a Compute
Engine network firewall policy rule
SYNOPSIS
gcloud compute network-firewall-policies rules update PRIORITY
--firewall-policy=FIREWALL_POLICY [--action=ACTION]
[--description=DESCRIPTION] [--dest-ip-ranges=[DEST_IP_RANGE,...]]
[--direction=DIRECTION] [--[no-]disabled] [--[no-]enable-logging]
[--layer4-configs=[LAYER4_CONFIG,...]] [--new-priority=NEW_PRIORITY]
[--src-ip-ranges=[SRC_IP_RANGE,...]]
[--src-secure-tags=[SOURCE_SECURE_TAGS,...]]
[--target-secure-tags=[TARGET_SECURE_TAGS,...]]
[--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]]
[--firewall-policy-region=FIREWALL_POLICY_REGION
| --global-firewall-policy] [GCLOUD_WIDE_FLAG ...]
DESCRIPTION
gcloud compute network-firewall-policies rules update is used to update
network firewall policy rules.
EXAMPLES
To update a rule with priority 10 in a global network firewall policy with
name my-policy to change the action to allow and description to new example
rule, run:
$ gcloud compute network-firewall-policies rules update 10 \
--firewall-policy=my-policy --action=allow \
--description="new example rule"
POSITIONAL ARGUMENTS
PRIORITY
Priority of the rule to be updated. Valid in [0, 65535].
REQUIRED FLAGS
--firewall-policy=FIREWALL_POLICY
Firewall policy ID with which to update rule.
OPTIONAL FLAGS
--action=ACTION
Action to take if the request matches the match condition. ACTION must
be one of: allow, deny, goto_next.
--description=DESCRIPTION
An optional, textual description for the rule.
--dest-ip-ranges=[DEST_IP_RANGE,...]
Destination IP ranges to match for this rule.
--direction=DIRECTION
Direction of the traffic the rule is applied. The default is to apply
on incoming traffic. DIRECTION must be one of: INGRESS, EGRESS.
--[no-]disabled
Use this flag to disable the rule. Disabled rules will not affect
traffic. Use --disabled to enable and --no-disabled to disable.
--[no-]enable-logging
Use this flag to enable logging of connections that allowed or denied
by this rule. Use --enable-logging to enable and --no-enable-logging to
disable.
--layer4-configs=[LAYER4_CONFIG,...]
A list of destination protocols and ports to which the firewall rule
will apply.
--new-priority=NEW_PRIORITY
New priority for the rule to update. Valid in [0, 65535].
--src-ip-ranges=[SRC_IP_RANGE,...]
A list of IP address blocks that are allowed to make inbound
connections that match the firewall rule to the instances on the
network. The IP address blocks must be specified in CIDR format:
http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing.Either
--src-ip-ranges or --src-secure-tags must be specified for INGRESS
traffic. If both --src-ip-ranges and --src-secure-tags are specified,
the rule matches if either the range of the source matches
--src-ip-ranges or the secure tag of the source matches
--src-secure-tags.Multiple IP address blocks can be specified if they
are separated by commas.
--src-secure-tags=[SOURCE_SECURE_TAGS,...]
A list of instance secure tags indicating the set of instances on the
network to which the rule applies if all other fields match. Either
--src-ip-ranges or --src-secure-tags must be specified for ingress
traffic. If both --src-ip-ranges and --src-secure-tags are specified,
an inbound connection is allowed if either the range of the source
matches --src-ip-ranges or the tag of the source matches
--src-secure-tags. Secure Tags can be assigned to instances during
instance creation.
--target-secure-tags=[TARGET_SECURE_TAGS,...]
An optional, list of target secure tags with a name of the format
tagValues/ or full namespaced name
--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,...]
List of target service accounts for the rule.
At most one of these can be specified:
--firewall-policy-region=FIREWALL_POLICY_REGION
Region of the firewall policy to operate on. Overrides the default
compute/region property value for this command invocation.
--global-firewall-policy
If set, the firewall policy is global.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account,
--billing-project, --configuration, --flags-file, --flatten, --format,
--help, --impersonate-service-account, --log-http, --project, --quiet,
--trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
NOTES
These variants are also available:
$ gcloud alpha compute network-firewall-policies rules update
$ gcloud beta compute network-firewall-policies rules update