Compute Engine

Firewalls: insert

Requires authorization

Creates a firewall resource in the specified project using the data included in the request.

Request

HTTP request

POST https://www.googleapis.com/compute/v1/projects/project/global/firewalls

Parameters

Parameter name Value Description
Path parameters
project string Project ID of the project scoping this request.

Authorization

This request requires authorization with the following scope (read more about authentication and authorization).

Scope
https://www.googleapis.com/auth/compute

Request body

In the request body, supply a Firewalls resource with the following properties:

Property name Value Description Notes
Required Properties
name string Name of the resource; provided by the client when the resource is created. The name must be 1-63 characters long, and comply with RFC1035. Specifically, the name must be 1-63 characters long and match the regular expression [a-z]([-a-z0-9]*[a-z0-9])? which means the first character must be a lowercase letter, and all following characters must be a dash, lowercase letter, or digit, except the last character, which cannot be a dash.
allowed[] list The list of rules specified by this firewall. Each rule specifies a protocol and port-range tuple that describes a permitted connection.
allowed[].IPProtocol string The IP protocol that is allowed for this rule. This is required when creating a firewall. This can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, sctp), or the IP protocol number. For example:
"allowed": [
    {
      "IPProtocol": "tcp"
    },
    {
      "IPProtocol": "17",
      "ports": [ "161" ]
    }
  ]

Note: Certain types of traffic are not allowed between virtual machines and the Internet, regardless of the firewall settings. Read the documentation on blocked traffic for more information.

sourceRanges[] list The IP address blocks that this rule applies to, expressed in CIDR format. One or both of sourceRanges and sourceTags may be set.

If both properties are set, an inbound connection is allowed if the range or the tag of the source matches the sourceRanges OR matches the sourceTags property; the connection does not need to match both properties.

sourceTags[] list A list of instance tags which this rule applies to. One or both of sourceRanges and sourceTags may be set.

If both properties are set, an inbound connection is allowed if the range or the tag of the source matches the sourceRanges OR matches the sourceTags property; the connection does not need to match both properties.
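
A pre-flight check for a request body against the constraints in the table above, plus the OR rule for sourceRanges and sourceTags. This is an added example, not part of the Compute Engine API or its client libraries; the function names, the sample body, and the flag on zero-length prefixes (a local review policy) are assumptions.

```python
import ipaddress
import re

# Constraints below are the ones stated in the property table above.
NAME_RE = re.compile(r"[a-z]([-a-z0-9]*[a-z0-9])?")
KNOWN_PROTOCOLS = {"tcp", "udp", "icmp", "esp", "ah", "sctp"}

# Constructed sample body; name, range and tag are made up for this example.
SAMPLE_BODY = {
    "name": "allow-snmp",
    "allowed": [{"IPProtocol": "tcp"}, {"IPProtocol": "17", "ports": ["161"]}],
    "sourceRanges": ["10.0.0.0/8"],
    "sourceTags": ["monitoring"],
}


def validate_firewall_body(body):
    """Return a list of problems found in a Firewalls: insert request body."""
    problems = []
    name = body.get("name", "")
    if not (1 <= len(name) <= 63 and NAME_RE.fullmatch(name)):
        problems.append("name: must be 1-63 chars, [a-z]([-a-z0-9]*[a-z0-9])?")
    allowed = body.get("allowed") or []
    if not allowed:
        problems.append("allowed[]: required property is missing or empty")
    for i, rule in enumerate(allowed):
        proto = str(rule.get("IPProtocol", ""))
        # A protocol number is an 8-bit value, so accept 0-255 only.
        numeric = re.fullmatch(r"[0-9]{1,3}", proto) and int(proto) <= 255
        if proto not in KNOWN_PROTOCOLS and not numeric:
            problems.append(f"allowed[{i}].IPProtocol: unknown value {proto!r}")
    for cidr in body.get("sourceRanges") or []:
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            problems.append(f"sourceRanges: {cidr!r} is not valid CIDR")
            continue
        if net.prefixlen == 0:  # local review policy (assumption), not an API rule
            problems.append(f"sourceRanges: {cidr!r} admits every source address")
    return problems


def source_matches(body, source_ip, instance_tags):
    """OR rule: address in any sourceRanges block, or any sourceTags tag present."""
    addr = ipaddress.ip_address(source_ip)
    in_range = any(addr in ipaddress.ip_network(c, strict=False)
                   for c in body.get("sourceRanges") or [])
    has_tag = bool(set(body.get("sourceTags") or []) & set(instance_tags))
    return in_range or has_tag
```

source_matches covers only the source side of a rule; protocol and port matching from allowed[] is not evaluated.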

Response

If successful, this method returns a GlobalOperations resource in the response body.

{
  "kind": "compute#operation",
  "id": unsigned long,
  "creationTimestamp": string,
  "name": string,
  "zone": string,
  "clientOperationId": string,
  "operationType": string,
  "targetLink": string,
  "targetId": unsigned long,
  "status": string,
  "statusMessage": string,
  "user": string,
  "progress": integer,
  "insertTime": string,
  "startTime": string,
  "endTime": string,
  "error": {
    "errors": [
      {
        "code": string,
        "location": string,
        "message": string
      }
    ]
  },
  "warnings": [
    {
      "code": string,
      "message": string,
      "data": [
        {
          "key": string,
          "value": string
        }
      ]
    }
  ],
  "httpErrorStatusCode": integer,
  "httpErrorMessage": string,
  "selfLink": string,
  "region": string
}
Property name Value Description Notes
kind string [Output Only] Type of the resource. Always compute#operation for Operation resources.
id unsigned long [Output Only] Unique identifier for the resource, generated by the server.
creationTimestamp string [Output Only] Creation timestamp in RFC3339 text format.
name string [Output Only] Name of the resource.
zone string [Output Only] URL of the zone where the operation resides. Only available when performing per-zone operations.
clientOperationId string [Output Only] An optional identifier specified by the client when the mutation was initiated. Must be unique for all operation resources in the project.
operationType string [Output Only] Type of the operation. Operations include insert, update, and delete.
targetId unsigned long [Output Only] Unique target ID which identifies a particular incarnation of the target.
status string [Output Only] Status of the operation.

Acceptable values are:
  • "DONE": The operation has finished.
  • "PENDING": The operation is pending and not yet run.
  • "RUNNING": The operation is currently running.
statusMessage string [Output Only] An optional textual description of the current status of the operation.
user string [Output Only] User who requested the operation, for example: user@example.com.
progress integer [Output Only] An optional progress indicator that ranges from 0 to 100. There is no requirement that this be linear or support any granularity of operations. This should not be used to guess at when the operation will be complete. This number should be monotonically increasing as the operation progresses.
insertTime string [Output Only] The time that this operation was requested. This is in RFC3339 text format.
startTime string [Output Only] The time that this operation was started by the server. This is in RFC3339 text format.
endTime string [Output Only] The time that this operation was completed. This is in RFC3339 text format.
error object [Output Only] If errors occurred during processing of this operation, this field will be populated.
error.errors[] list [Output Only] The array of errors encountered while processing this operation.
error.errors[].code string [Output Only] The error type identifier for this error.
error.errors[].location string [Output Only] Indicates the field in the request which caused the error. This property is optional.
error.errors[].message string [Output Only] An optional, human-readable error message.
warnings[] list [Output Only] If there are issues with this operation, a warning is returned.
warnings[].code string [Output Only] The warning type identifier for this warning.

Acceptable values are:
  • "DEPRECATED_RESOURCE_USED": Indicates that you are using a deprecated resource and should transition to using a more current resource.
  • "DISK_SIZE_LARGER_THAN_IMAGE_SIZE": Indicates that the disk you are creating is larger than the size of the image and you might need to repartition the disk to use the additional space.
  • "INJECTED_KERNELS_DEPRECATED": Indicates that specifying a separate Kernel resource is deprecated. You should transition to using images that contain kernel binaries. 
  • "NEXT_HOP_ADDRESS_NOT_ASSIGNED": You did not specify a next hop address for your route.
  • "NEXT_HOP_CANNOT_IP_FORWARD": In order for your route to work correctly, your source and destination virtual machine instances must have canIpForward enabled. See the documentation for more information.
  • "NEXT_HOP_INSTANCE_NOT_FOUND": The next hop instance you specified was not found. Please double check that the instance exists and that you have specified it correctly.
  • "NEXT_HOP_INSTANCE_NOT_ON_NETWORK": The next hop instance you specified was not found on the same network as your route object. Please make sure the instance is part of the same network as your route object.
  • "NEXT_HOP_NOT_RUNNING": The next hop instance you specified is not currently running. Please restart or create the instance.
  • "NO_RESULTS_ON_PAGE": There were no results for your request.
  • "REQUIRED_TOS_AGREEMENT": You must first agree to the terms of service agreement before you can use this service.
  • "RESOURCE_NOT_DELETED": Your resource couldn't be deleted. It is possible that another resource is currently using this resource.
  • "UNREACHABLE": The Compute Engine service is currently unreachable.
warnings[].message string [Output Only] The warning type identifier for this warning.
warnings[].data[] list [Output Only] Metadata for this warning in 'key: value' format.
warnings[].data[].key string [Output Only] Metadata key for this warning.
warnings[].data[].value string [Output Only] Metadata value for the specified key.
httpErrorStatusCode integer [Output Only] If operation fails, the HTTP error status code returned, e.g. 404.
httpErrorMessage string [Output Only] If operation fails, the HTTP error message returned, e.g. NOT FOUND.
region string [Output Only] URL of the region where the operation resides. Only available when performing regional operations.
