- NAME
-
- gcloud beta compute network-policies traffic-classification-rules create - creates a Compute Engine network policy rule
- SYNOPSIS
-
-
gcloud beta compute network-policies traffic-classification-rules create--action=ACTION--dest-ip-ranges=[DEST_IP_RANGE,…]--dscp-mode=DSCP_MODE--layer4-configs=[LAYER4_CONFIG,…]--network-policy=NETWORK_POLICY--priority=PRIORITY--traffic-class=TRAFFIC_CLASS[--description=DESCRIPTION] [--[no-]disabled] [--dscp-value=DSCP_VALUE] [--name=NAME] [--network-policy-region=NETWORK_POLICY_REGION] [--src-ip-ranges=[SRC_IP_RANGE,…]] [--target-secure-tags=[TARGET_SECURE_TAGS,…]] [--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,…]] [GCLOUD_WIDE_FLAG …]
-
- DESCRIPTION
-
(BETA)gcloud beta compute network-policies traffic-classification-rules createis used to create network policy rules. - EXAMPLES
-
To create a traffic classification rule with priority
10my-policyexample ruleregion-agcloud beta compute network-policies traffic-classification-rules create --priority=10 --action=apply_traffic_classification --network-policy=my-policy --network-policy-region=region-a --dest-ip-ranges=11.0.0.0/8 --description="example rule" --traffic-class tc1 --dscp-mode custom --dscp-value 3 --layer4-configs=tcp:80,udp - REQUIRED FLAGS
-
--action=ACTION-
Action to take if the request matches the match condition.
ACTIONmust be (only one value is supported):apply_traffic_classification. --dest-ip-ranges=[DEST_IP_RANGE,…]- Destination IP ranges to match for this rule.
--dscp-mode=DSCP_MODE-
When set to AUTO, the DSCP value will be picked automatically based on selected
traffic class. Otherwise, DSCP value must be specified.
DSCP_MODEmust be one of:auto,custom. --layer4-configs=[LAYER4_CONFIG,…]- A list of destination protocols and ports to which the network policy rule will apply.
--network-policy=NETWORK_POLICY- Network policy ID with which to create rule.
--priority=PRIORITY- Priority of the rule to be added. Valid in [1, 2147482647].
--traffic-class=TRAFFIC_CLASS-
The traffic class that be applied to matching packet.
TRAFFIC_CLASSmust be one of:tc1,tc2,tc3,tc4,tc5,tc6.
- OPTIONAL FLAGS
-
--description=DESCRIPTION- An optional, textual description for the rule.
--[no-]disabled-
Use this flag to disable the rule. Disabled rules will not affect traffic. Use
--disabledto enable and--no-disabledto disable. --dscp-value=DSCP_VALUE- Custom DSCP value from 0-63 range.
--name=NAME- An optional name for the network policy rule.
--network-policy-region=NETWORK_POLICY_REGION-
Region of the network policy to create. Overrides the default
compute/regionproperty value for this command invocation. --src-ip-ranges=[SRC_IP_RANGE,…]- CIDR IP address range.
- An optional, list of target secure tags with a name of the format tagValues/ or full namespaced name
--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,…]- List of target service accounts for the rule.
- GCLOUD WIDE FLAGS
-
These flags are available to all commands:
--access-token-file,--account,--billing-project,--configuration,--flags-file,--flatten,--format,--help,--impersonate-service-account,--log-http,--project,--quiet,--trace-token,--user-output-enabled,--verbosity.Run
$ gcloud helpfor details. - NOTES
-
This command is currently in beta and might change without notice. This variant
is also available:
gcloud alpha compute network-policies traffic-classification-rules create
gcloud beta compute network-policies traffic-classification-rules create
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-03-24 UTC.