NAME

gcloud-compute-firewall-rules-update - Update a firewall rule

SYNOPSIS

gcloud compute firewall-rules update
  NAME
  [--allow [PROTOCOL[:PORT[-PORT]] …]]
  [--description DESCRIPTION]
  [--format FORMAT]
  [--help]
  [--project PROJECT]
  [--quiet, -q]
  [--source-ranges [CIDR_RANGE …]]
  [--source-tags [TAG …]]
  [--target-tags [TAG …]]
  [-h]

DESCRIPTION

gcloud compute firewall-rules update is used to update firewall rules that allow incoming traffic to a network. Only arguments passed in will be updated on the firewall rule. Other attributes will remain unaffected.

POSITIONAL ARGUMENTS

NAME

The name of the firewall rule to update.

FLAGS

--allow [PROTOCOL[:PORT[-PORT]] …]

A list of protocols and ports whose traffic will be allowed. Setting this will override the current values.

PROTOCOL is the IP protocol whose traffic will be allowed. PROTOCOL can be either the name of a well-known protocol (e.g., “tcp” or “icmp”) or the IP protocol number. A list of IP protocols can be found at http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml .

A port or port range can be specified after PROTOCOL to allow traffic through specific ports. If no port or port range is specified, connections through all ranges are allowed. For example, the following will create a rule that allows TCP traffic through port 80 and allows ICMP traffic:

$ gcloud compute firewall-rules update my-rule --allow tcp:80 icmp

TCP and UDP rules must include a port or port range.

--description DESCRIPTION

A textual description for the firewall rule. Set to an empty string to clear existing description.

--format FORMAT

Specify a format for printed output. By default, a command-specific human-friendly output format is used. Setting this flag to one of the available options will serialize the result of the command in the chosen format and print it to stdout. Supported formats are: "json", "text", "yaml".

--help

Display detailed help.

--project PROJECT

Google Cloud Platform project to use for this invocation.

--quiet

Disable all interactive prompts when running gcloud commands. If input is required, defaults will be used, or an error will be raised.

--source-ranges [CIDR_RANGE …]

A list of IP address blocks that are allowed to make inbound connections that match the firewall rule to the instances on the network. The IP address blocks must be specified in CIDR format: http://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing . Setting this will override the existing source ranges for the firewall. The following will clear the existing source ranges:

$ gcloud compute firewall-rules update my-rule --source-ranges

--source-tags [TAG …]

A list of instance tags indicating the set of instances on the network which may accept inbound connections that match the firewall rule. If omitted, all instances on the network can receive inbound connections that match the rule.

Tags can be assigned to instances during instance creation. Setting this will override the existing source tags for the firewall. The following will clear the existing source tags:

$ gcloud compute firewall-rules update my-rule --source-tags

--target-tags [TAG …]

A list of instance tags indicating the set of instances on the network which may make network connections that match the firewall rule. If omitted, all instances on the network can make connections that match the rule.

Tags can be assigned to instances during instance creation. Setting this will override the existing target tags for the firewall. The following will clear the existing target tags:

$ gcloud compute firewall-rules update my-rule --target-tags

-h

Print a summary help and exit.

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 3.0 License , and code samples are licensed under the Apache 2.0 License . For details, see our Site Policies .