-
--allow
[PROTOCOL
[:_PORT_[-PORT
]] …]
-
A list of protocols and ports whose traffic will be allowed. Setting
this will override the current values.
-
PROTOCOL
is the IP protocol whose traffic will be allowed.
PROTOCOL
can be either the name of a well-known protocol
(e.g., tcp
or icmp
) or the IP protocol number.
A list of IP protocols can be found at
http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml.
- A port or port range can be specified after
PROTOCOL
to
allow traffic through specific ports. If no port or port range
is specified, connections through all ranges are allowed. For
example, the following will create a rule that allows TCP traffic
through port 80 and allows ICMP traffic:
$ gcloud compute firewall-rules update MY-RULE --allow tcp:80 icmp
- TCP and UDP rules must include a port or port range.
-
--description
DESCRIPTION
-
A textual description for the firewall rule. Set to an empty string to clear existing description.
-
--source-ranges
[CIDR_RANGE
…]
-
A list of IP address blocks that are allowed to make inbound
connections that match the firewall rule to the instances on
the network. The IP address blocks must be specified in CIDR
format:
http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing.
Setting this will override the existing source ranges for the firewall.
The following will clear the existing source ranges:
$ gcloud compute firewall-rules update MY-RULE --source-ranges
-
--source-tags
[TAG
…]
-
A list of instance tags indicating the set of instances on the
network which may accept inbound connections that match the
firewall rule. If omitted, all instances on the network can
receive inbound connections that match the rule.
- Tags can be assigned to instances during instance creation.
Setting this will override the existing source tags for the firewall.
The following will clear the existing source tags:
$ gcloud compute firewall-rules update MY-RULE --source-tags
-
--target-tags
[TAG
…]
-
A list of instance tags indicating the set of instances on the
network which may make network connections that match the
firewall rule. If omitted, all instances on the network can
make connections that match the rule.
- Tags can be assigned to instances during instance creation.
Setting this will override the existing target tags for the firewall.
The following will clear the existing target tags:
$ gcloud compute firewall-rules update MY-RULE --target-tags