- NAME
- gcloud-compute-firewall-rules-update - Update a firewall rule
- SYNOPSIS
-
gcloud compute firewall-rules update NAME [--allow [PROTOCOL[:PORT[-PORT]] …]] [--description DESCRIPTION] [--format FORMAT] [--help] [--project PROJECT] [--quiet, -q] [--source-ranges [CIDR_RANGE …]] [--source-tags [TAG …]] [--target-tags [TAG …]] [-h]
- DESCRIPTION
-
gcloud compute firewall-rules update
is used to update firewall rules that allow incoming traffic to a network. Only arguments passed in will be updated on the firewall rule. Other attributes will remain unaffected. - POSITIONAL ARGUMENTS
-
-
NAME
- The name of the firewall rule to update.
-
- FLAGS
-
-
--allow
[PROTOCOL[:PORT[-PORT]] …]
- A list of protocols and ports whose traffic will be allowed. Setting this will override the current values.
-
PROTOCOL
is the IP protocol whose traffic will be allowed.PROTOCOL
can be either the name of a well-known protocol (e.g., “tcp” or “icmp”) or the IP protocol number. A list of IP protocols can be found at http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml . -
A port or port range can be specified after
PROTOCOL
to allow traffic through specific ports. If no port or port range is specified, connections through all ranges are allowed. For example, the following will create a rule that allows TCP traffic through port 80 and allows ICMP traffic: -
$ gcloud compute firewall-rules update my-rule --allow tcp:80 icmp
- TCP and UDP rules must include a port or port range.
-
--description
DESCRIPTION
- A textual description for the firewall rule. Set to an empty string to clear existing description.
-
--format
FORMAT
- Specify a format for printed output. By default, a command-specific human-friendly output format is used. Setting this flag to one of the available options will serialize the result of the command in the chosen format and print it to stdout. Supported formats are: "json", "text", "yaml".
-
--help
- Display detailed help.
-
--project
PROJECT
- Google Cloud Platform project to use for this invocation.
-
--quiet
- Disable all interactive prompts when running gcloud commands. If input is required, defaults will be used, or an error will be raised.
-
--source-ranges
[CIDR_RANGE …]
- A list of IP address blocks that are allowed to make inbound connections that match the firewall rule to the instances on the network. The IP address blocks must be specified in CIDR format: http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing . Setting this will override the existing source ranges for the firewall. The following will clear the existing source ranges:
-
$ gcloud compute firewall-rules update my-rule --source-ranges
-
--source-tags
[TAG …]
- A list of instance tags indicating the set of instances on the network which may accept inbound connections that match the firewall rule. If omitted, all instances on the network can receive inbound connections that match the rule.
- Tags can be assigned to instances during instance creation. Setting this will override the existing source tags for the firewall. The following will clear the existing source tags:
-
$ gcloud compute firewall-rules update my-rule --source-tags
-
--target-tags
[TAG …]
- A list of instance tags indicating the set of instances on the network which may make network connections that match the firewall rule. If omitted, all instances on the network can make connections that match the rule.
- Tags can be assigned to instances during instance creation. Setting this will override the existing target tags for the firewall. The following will clear the existing target tags:
-
$ gcloud compute firewall-rules update my-rule --target-tags
-
-h
- Print a summary help and exit.
-
gcloud compute firewall-rules update
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 3.0 License , and code samples are licensed under the Apache 2.0 License . For details, see our Site Policies .
Last updated August 11, 2014.