- NAME
-
- gcloud beta compute firewall-policies mirroring-rules create - creates a Compute Engine firewall policy packet mirroring rule
- SYNOPSIS
-
-
gcloud beta compute firewall-policies mirroring-rules createPRIORITY--action=ACTION--firewall-policy=FIREWALL_POLICY[--description=DESCRIPTION] [--dest-ip-ranges=[DEST_IP_RANGE,…]] [--direction=DIRECTION] [--[no-]disabled] [--layer4-configs=[LAYER4_CONFIG,…]] [--organization=ORGANIZATION] [--security-profile-group=SECURITY_PROFILE_GROUP] [--src-ip-ranges=[SRC_IP_RANGE,…]] [--target-resources=[TARGET_RESOURCES,…]] [GCLOUD_WIDE_FLAG …]
-
- DESCRIPTION
-
(BETA)gcloud beta compute firewall-policies mirroring-rules createis used to create organization firewall policy packet mirroring rules. - EXAMPLES
-
To create a packet mirroring rule with priority ``10" in an organization
firewall policy with ID ``123456789", run:
gcloud beta compute firewall-policies mirroring-rules create 10 --firewall-policy=123456789 --action=mirror --security-profile-group=organizations/123/locations/global/securityProfileGroups/custom-security-profile-group --description=example-rule - POSITIONAL ARGUMENTS
-
PRIORITY- Priority of the firewall policy rule to create.
- REQUIRED FLAGS
-
--action=ACTION-
Action to take if the request matches the match condition.
ACTIONmust be one of:mirror,do_not_mirror,goto_next. --firewall-policy=FIREWALL_POLICY- Short name of the firewall policy into which the rule should be inserted.
- OPTIONAL FLAGS
-
--description=DESCRIPTION- An optional, textual description for the rule.
--dest-ip-ranges=[DEST_IP_RANGE,…]- Destination IP ranges to match for this rule.
--direction=DIRECTION-
Direction of the traffic the rule is applied. The default is to apply on
incoming traffic.
DIRECTIONmust be one of:INGRESS,EGRESS. --[no-]disabled-
Use this flag to disable the rule. Disabled rules will not affect traffic. Use
--disabledto enable and--no-disabledto disable. --layer4-configs=[LAYER4_CONFIG,…]- A list of destination protocols and ports to which the firewall rule will apply.
--organization=ORGANIZATION- Organization which the organization firewall policy belongs to. Must be set if FIREWALL_POLICY is short name.
--security-profile-group=SECURITY_PROFILE_GROUP- An org-based security profile group to be used with mirror action. Allowed formats are: a) http(s)://<namespace>/<api>/organizations/<org_id>/locations/global/securityProfileGroups/<profile> b) (//)<namespace>/organizations/<org_id>/locations/global/securityProfileGroups/<profile> c) <profile>. In case "c" gCloud CLI will create a reference matching format "a", but to make it work CLOUDSDK_API_ENDPOINT_OVERRIDES_NETWORKSECURITY property must be set. In order to set this property, please run the command gcloud config set api_endpoint_overrides/networksecurity https://<namespace>/.
--src-ip-ranges=[SRC_IP_RANGE,…]- Source IP ranges to match for this rule.
--target-resources=[TARGET_RESOURCES,…]- List of URLs of target resources to which the rule is applied.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$ gcloud helpfor details. - NOTES
-
This command is currently in beta and might change without notice. This variant
is also available:
gcloud alpha compute firewall-policies mirroring-rules create
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-08-20 UTC.