Google Compute Engine

Firewalls

Represents a Firewall resource. See Firewalls documentation for more information.

For a list of methods for this resource, see the end of this page.

Resource representations

A Firewall resource.

{
  "kind": "compute#firewall",
  "selfLink": string,
  "id": unsigned long,
  "creationTimestamp": string,
  "name": string,
  "description": string,
  "network": string,
  "sourceRanges": [
    string
  ],
  "sourceTags": [
    string
  ],
  "targetTags": [
    string
  ],
  "allowed": [
    {
      "IPProtocol": string,
      "ports": [
        string
      ]
    }
  ]
}
Property name Value Description Notes
allowed[] list The list of rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.
allowed[].IPProtocol string The IP protocol that is allowed for this rule. The protocol type is required when creating a firewall. This value can be either one of the following well-known protocol strings (tcp, udp, icmp, esp, ah, sctp) or the IP protocol number.
allowed[].ports[] list An optional list of ports which are allowed. This field is only applicable for the UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, connections through any port are allowed.

Example inputs include: ["22"], ["80","443"], and ["12345-12349"].
creationTimestamp string [Output Only] Creation timestamp in RFC3339 text format.
description string An optional textual description of the resource; provided by the client when the resource is created.
id unsigned long [Output Only] Unique identifier for the resource; defined by the server.
kind string [Output Only] Type of the resource. Always compute#firewall for firewall rules.
name string Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long and comply with RFC1035. Specifically, it must match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
network string URL of the network resource for this firewall rule. This field is required for creating an instance but optional when creating a firewall rule. If not specified when creating a firewall rule, the default network is used:
global/networks/default
If you choose to specify this property, you can specify the network as a full or partial URL. For example, the following are all valid URLs:
  • https://www.googleapis.com/compute/v1/projects/myproject/global/networks/my-network
  • projects/myproject/global/networks/my-network
  • global/networks/default
sourceRanges[] list The IP address blocks that this rule applies to, expressed in CIDR format. One or both of sourceRanges and sourceTags may be set.

If both properties are set, an inbound connection is allowed if the range or the tag of the source matches the sourceRanges OR matches the sourceTags property; the connection does not need to match both properties.
sourceTags[] list A list of instance tags which this rule applies to. One or both of sourceRanges and sourceTags may be set.

If both properties are set, an inbound connection is allowed if the range or the tag of the source matches the sourceRanges OR matches the sourceTags property; the connection does not need to match both properties.
targetTags[] list A list of instance tags indicating the sets of instances on the network that may make network connections as specified in allowed[]. If no targetTags are specified, the firewall rule applies to all instances on the specified network.
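
Added example, not part of the original reference and not Google's code: a Python check that reads a Firewall resource as a dict and reports the defaults described in the table above that widen exposure (omitted ports, omitted targetTags, a /0 source range, and the OR between sourceRanges and sourceTags). The function names, finding labels and the 0-65535 port bound are assumptions made for this example.

```python
import ipaddress
import re

NAME_RE = re.compile(r"[a-z]([-a-z0-9]*[a-z0-9])?")   # regex quoted in the table
PORT_RE = re.compile(r"(\d+)(?:-(\d+))?")             # "22" or "12345-12349"


def port_ok(entry):
    """Integer or low-high range; the 0-65535 bound is an assumption."""
    m = PORT_RE.fullmatch(entry)
    if not m:
        return False
    lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
    return 0 <= lo <= hi <= 65535


def audit_firewall(fw):
    """Return finding labels (names invented here) for one Firewall dict."""
    out = []
    name = fw.get("name", "")
    if not (1 <= len(name) <= 63 and NAME_RE.fullmatch(name)):
        out.append("invalid-name")
    ranges, tags = fw.get("sourceRanges", []), fw.get("sourceTags", [])
    # strict=False tolerates host bits; a /0 prefix matches every source.
    if any(ipaddress.ip_network(r, strict=False).prefixlen == 0 for r in ranges):
        out.append("source-any")
    if ranges and tags:
        # The two properties are ORed: adding tags widens, never narrows.
        out.append("ranges-or-tags")
    if not fw.get("targetTags"):
        out.append("all-instances")       # rule applies to the whole network
    for rule in fw.get("allowed", []):
        proto = str(rule.get("IPProtocol", "")).lower()
        ports = rule.get("ports", [])
        out += [f"bad-port:{p}" for p in ports if not port_ok(p)]
        if proto in ("tcp", "udp", "6", "17") and not ports:
            out.append(f"all-ports:{proto}")  # no ports means any port
    return out


# Constructed sample resources, not taken from a real project.
WIDE_OPEN = {"name": "allow-all-tcp", "sourceRanges": ["0.0.0.0/0"],
             "allowed": [{"IPProtocol": "tcp"}]}
SCOPED = {"name": "allow-ssh-bastion", "sourceRanges": ["203.0.113.0/24"],
          "targetTags": ["bastion"],
          "allowed": [{"IPProtocol": "tcp", "ports": ["22", "12345-12349"]}]}
```

A malformed CIDR string raises ValueError from ipaddress.ip_network, so run the check on resources returned by get or list, or catch the exception when validating input before insert.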

Methods

The following are valid Firewall resource methods:

delete
Deletes the specified firewall resource.
get
Returns the specified firewall resource.
insert
Creates a firewall resource in the specified project using the data included in the request.
list
Retrieves the list of firewall resources available to the specified project.
patch
Updates the specified firewall resource with the data included in the request. This method supports patch semantics.
update
Updates the specified firewall resource with the data included in the request.