Console
Start free

gcloud compute org-security-policies rules create

NAME
gcloud compute org-security-policies rules create - create a Compute Engine organizationsecurity policy rule
SYNOPSIS
gcloud compute org-security-policies rules create PRIORITY --action=ACTION --security-policy=SECURITY_POLICY [--cloud-armor] [--description=DESCRIPTION] [--dest-ip-ranges=[DEST_IP_RANGE,…]] [--direction=DIRECTION] [--[no-]enable-logging] [--layer4-configs=[LAYER4_CONFIG,…]] [--organization=ORGANIZATION] [--preview] [--target-resources=[TARGET_RESOURCES,…]] [--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,…]] [--expression=EXPRESSION     | --src-ip-ranges=[SRC_IP_RANGE,…]] [GCLOUD_WIDE_FLAG]
DESCRIPTION
gcloud compute org-security-policies rules create is used to create organization security policy rules.
EXAMPLES
To create a rule with priority 10 in an organization security policy with ID 123456789, run: 
gcloud compute org-security-policies rules create 10 --security-policy=123456789 --action=allow --description=example-rule --cloud-armor
POSITIONAL ARGUMENTS
PRIORITY
Priority of the security policy rule to create.
REQUIRED FLAGS
--action=ACTION
Action to take if the request matches the match condition. ACTION must be one of:
allow
Allows the request from HTTP(S) Load Balancing.
deny
(DEPRECATED) Only used for Hierarchical Firewalls.
deny-403
Denies the request from HTTP(S) Load Balancing, with an HTTP response status code of 403.
deny-404
Denies the request from HTTP(S) Load Balancing, with an HTTP response status code of 404.
deny-502
Denies the request from HTTP(S) Load Balancing, with an HTTP response status code of 502.
goto-next
Defers enforcement to the next policy in the hierarchy.
redirect
Redirects the request from HTTP(S) Load Balancing, based on redirect options.
--security-policy=SECURITY_POLICY
short name of the security policy into which the rule should be inserted.
OPTIONAL FLAGS
--cloud-armor
Specified for Hierarchical Cloud Armor rules.
--description=DESCRIPTION
An optional, textual description for the rule.
--dest-ip-ranges=[DEST_IP_RANGE,…]
Destination IP ranges to match for this rule. Can only be specified if DIRECTION is egress.
--direction=DIRECTION
Direction of the traffic the rule is applied. The default is to apply on incoming traffic. DIRECTION must be one of: INGRESS, EGRESS.
--[no-]enable-logging
Use this flag to enable logging of connections that allowed or denied by this rule. Use --enable-logging to enable and --no-enable-logging to disable.
--layer4-configs=[LAYER4_CONFIG,…]
A list of destination protocols and ports to which the firewall rule will apply.
--organization=ORGANIZATION
Organization which the organization security policy belongs to. Must be set if SECURITY_POLICY is short name.
--preview
If specified, the action will not be enforced.
--target-resources=[TARGET_RESOURCES,…]
List of URLs of target resources to which the rule is applied.
--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,…]
List of target service accounts for the rule.
Security policy rule matcher. At most one of these can be specified:
--expression=EXPRESSION
The Cloud Armor rules language expression to match for this rule.
--src-ip-ranges=[SRC_IP_RANGE,…]
The source IPs/IP ranges to match for this rule. To match all IPs specify *.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES
These variants are also available: 
gcloud alpha compute org-security-policies rules create
 
gcloud beta compute org-security-policies rules create
 
gcloud preview compute org-security-policies rules create