List bucket IP filtering rules

This page describes how to list the bucket IP filtering rules. With the list bucket IP filtering rules operation, you can check if IP filtering is enabled or disabled on a bucket. If you need to view information about the specific network sources that are allowed, use the Get bucket IP filtering rules operation.

Required roles

To get the required permissions for listing the bucket IP filtering rules, ask your administrator to grant you the Storage Admin (roles/storage.admin) role on the bucket. This role contains the storage.buckets.list permission required to list bucket IP filtering rules.

You can also get this permission with custom roles. You might be able to get this permission with other predefined roles as well. To see which roles are associated with which permissions, refer to IAM roles for Cloud Storage.

For instructions on granting roles for projects, see Manage access to projects.

List bucket IP filtering rules

Console

In the Google Cloud console, go to the Cloud Storage Buckets page.

Go to Buckets
In the list of buckets, click the name of the bucket you want to update.
On the Bucket details page, click the Configuration tab.
In the Permissions section, navigate to IP filtering. Then, click Edit IP filtering configuration.

The IP filtering page displays the following details:
- IP filtering status of the bucket.
- Whether service agents are configured to bypass the IP filter validation.
- Whether access from cross-organization VPC networks is allowed.
- All configured IP filtering rules.

gcloud

Verify that you have the Google Cloud CLI version 526.0.0 or later installed:
```
gcloud version | head -n1
```
If you have an earlier gcloud CLI version installed, update the version:
```
gcloud components update --version=526.0.0
```
To list the bucket IP filtering rules, run the gcloud storage buckets describe command in your development environment:
```
gcloud storage buckets describe gs://BUCKET_NAME --format="default(ip_filter_config)"
```
Where:

BUCKET_NAME is the name of your bucket. For example, my-bucket.

JSON API

Have gcloud CLI installed and initialized , which lets you generate an access token for the Authorization header.

Use cURL to call the JSON API with a List bucket request:

curl -X GET \
  -H "Authorization: Bearer $(gcloud auth print-access-token)" \
  "https://storage.googleapis.com/storage/v1/b?project=PROJECT_ID"

Where:

PROJECT_ID is the ID of the project containing the buckets you want to list. For example, my-project.

The response looks like the following example:

{
  "kind": "storage#buckets",
  "items":
        {
        "kind": "storage#bucket",
        "selfLink": "https://www.googleapis.com/storage/v1/b/my-bucket1",
        "id": "my-bucket1",
        "name": "my-bucket1",
        "projectNumber": "123456789012",
        ...
          },
        "ipFilter": {
          "mode": "Disabled"
         }
        {
        "kind": "storage#bucket",
        "selfLink": "https://www.googleapis.com/storage/v1/b/my-bucket2",
        "id": "my-bucket2",
        "name": "my-bucket2",
        "projectNumber": "123456789013",
        ...
        },
        "ipFilter": {
          "mode": "Enabled"
        }
},

What's next

Try it for yourself

If you're new to Google Cloud, create an account to evaluate how Cloud Storage performs in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

Try Cloud Storage free

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-03 UTC.