- NAME
-
- gcloud beta compute org-security-policies rules update - update a Compute Engine security policy rule
- SYNOPSIS
-
-
gcloud beta compute org-security-policies rules update
PRIORITY
--security-policy
=SECURITY_POLICY
[--action
=ACTION
] [--cloud-armor
] [--description
=DESCRIPTION
] [--dest-ip-ranges
=[DEST_IP_RANGE
,…]] [--direction
=DIRECTION
] [--[no-]enable-logging
] [--layer4-configs
=[LAYER4_CONFIG
,…]] [--new-priority
=NEW_PRIORITY
] [--organization
=ORGANIZATION
] [--preview
] [--target-resources
=[TARGET_RESOURCES
,…]] [--target-service-accounts
=[TARGET_SERVICE_ACCOUNTS
,…]] [--expression
=EXPRESSION
|--src-ip-ranges
=[SRC_IP_RANGE
,…]] [GCLOUD_WIDE_FLAG …
]
-
- DESCRIPTION
-
(BETA)
gcloud beta compute org-security-policies rules update
is used to update organization security policy rules. - EXAMPLES
-
To update a rule with priority ``10" in an organization security policy with ID
``123456789" to change the action to ``allow" and description to
``new-example-rule", run:
gcloud beta compute org-security-policies rules update create 10 --security-policy=123456789 --action=allow --description=new-example-rule
- POSITIONAL ARGUMENTS
-
PRIORITY
- Priority of the security policy rule to update.
- REQUIRED FLAGS
-
--security-policy
=SECURITY_POLICY
- short name of the security policy into which the rule should be updated.
- OPTIONAL FLAGS
-
--action
=ACTION
-
Action to take if the request matches the match condition.
ACTION
must be one of:allow
- Allows the request from HTTP(S) Load Balancing.
deny
- (DEPRECATED) Only used for Hierarchical Firewalls.
deny-403
- Denies the request from HTTP(S) Load Balancing, with an HTTP response status code of 403.
deny-404
- Denies the request from HTTP(S) Load Balancing, with an HTTP response status code of 404.
deny-502
- Denies the request from HTTP(S) Load Balancing, with an HTTP response status code of 502.
redirect
- Redirects the request from HTTP(S) Load Balancing, based on redirect options.
--cloud-armor
- Specified for Hierarchical Cloud Armor rules.
--description
=DESCRIPTION
- An optional, textual description for the rule.
--dest-ip-ranges
=[DEST_IP_RANGE
,…]- Destination IP ranges to match for this rule. Can only be specified if DIRECTION is egress.
--direction
=DIRECTION
-
Direction of the traffic the rule is applied. The default is to apply on
incoming traffic.
DIRECTION
must be one of:INGRESS
,EGRESS
. --[no-]enable-logging
-
Use this flag to enable logging of connections that allowed or denied by this
rule. Use
--enable-logging
to enable and--no-enable-logging
to disable. --layer4-configs
=[LAYER4_CONFIG
,…]- A list of destination protocols and ports to which the firewall rule will apply.
--new-priority
=NEW_PRIORITY
- New priority for the rule to update. Valid in [0, 65535].
--organization
=ORGANIZATION
- Organization which the organization security policy belongs to. Must be set if SECURITY_POLICY is short name.
--preview
- If specified, the action will not be enforced.
--target-resources
=[TARGET_RESOURCES
,…]- List of URLs of target resources to which the rule is applied.
--target-service-accounts
=[TARGET_SERVICE_ACCOUNTS
,…]- List of target service accounts for the rule.
-
Security policy rule matcher.
At most one of these can be specified:
--expression
=EXPRESSION
- The Cloud Armor rules language expression to match for this rule.
--src-ip-ranges
=[SRC_IP_RANGE
,…]- The source IPs/IP ranges to match for this rule. To match all IPs specify *.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file
,--account
,--billing-project
,--configuration
,--flags-file
,--flatten
,--format
,--help
,--impersonate-service-account
,--log-http
,--project
,--quiet
,--trace-token
,--user-output-enabled
,--verbosity
.Run
$ gcloud help
for details. - NOTES
-
This command is currently in beta and might change without notice. This variant
is also available:
gcloud alpha compute org-security-policies rules update
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-12-10 UTC.