gcloud alpha compute org-security-policies rules update

gcloud alpha compute org-security-policies rules update - update a Compute Engine security policy rule

gcloud alpha compute org-security-policies rules update PRIORITY --security-policy=SECURITY_POLICY [--action=ACTION] [--cloud-armor] [--description=DESCRIPTION] [--dest-ip-ranges=[DEST_IP_RANGE,…]] [--dest-ports=[DEST_PORTS,…]] [--direction=DIRECTION] [--[no-]enable-logging] [--layer4-configs=[LAYER4_CONFIG,…]] [--new-priority=NEW_PRIORITY] [--organization=ORGANIZATION] [--[no-]preview] [--target-resources=[TARGET_RESOURCES,…]] [--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,…]] [--expression=EXPRESSION     | --src-ip-ranges=[SRC_IP_RANGE,…]] [GCLOUD_WIDE_FLAG …]

PRIORITY

Priority of the security policy rule to update.

--security-policy=SECURITY_POLICY

short name of the security policy into which the rule should be updated.

--action=ACTION

Action to take if the request matches the match condition. ACTION must be one of:

allow

Allows the request from HTTP(S) Load Balancing.

deny

(DEPRECATED) Only used for Hierarchical Firewalls.

deny-403

Denies the request from HTTP(S) Load Balancing, with an HTTP response status code of 403.

deny-404

Denies the request from HTTP(S) Load Balancing, with an HTTP response status code of 404.

deny-502

Denies the request from HTTP(S) Load Balancing, with an HTTP response status code of 502.

goto-next

Defers enforcement to the next policy in the hierarchy.

redirect

Redirects the request from HTTP(S) Load Balancing, based on redirect options.

--cloud-armor

Specified for Hierarchical Cloud Armor rules.

--description=DESCRIPTION

An optional, textual description for the rule.

--dest-ip-ranges=[DEST_IP_RANGE,…]

Destination IP ranges to match for this rule. Can only be specified if DIRECTION is egress.

--dest-ports=[DEST_PORTS,…]

A list of destination protocols and ports to which the firewall rule will apply.

--direction=DIRECTION

Direction of the traffic the rule is applied. The default is to apply on incoming traffic. DIRECTION must be one of: INGRESS, EGRESS.

--[no-]enable-logging

Use this flag to enable logging of connections that allowed or denied by this rule. Use --enable-logging to enable and --no-enable-logging to disable.

--layer4-configs=[LAYER4_CONFIG,…]

A list of destination protocols and ports to which the firewall rule will apply.

--new-priority=NEW_PRIORITY

New priority for the rule to update. Valid in [0, 65535].

--organization=ORGANIZATION

Organization which the organization security policy belongs to. Must be set if SECURITY_POLICY is short name.

--[no-]preview

If specified, the action will not be enforced. Use --preview to enable and --no-preview to disable.

--target-resources=[TARGET_RESOURCES,…]

List of URLs of target resources to which the rule is applied.

--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,…]

List of target service accounts for the rule.

Security policy rule matcher.

At most one of these can be specified:

--expression=EXPRESSION

The Cloud Armor rules language expression to match for this rule.

--src-ip-ranges=[SRC_IP_RANGE,…]

The source IPs/IP ranges to match for this rule. To match all IPs specify *.

Run $ gcloud help for details.