HEX
Server: Apache/2.4.65 (Ubuntu)
System: Linux ielts-store-v2 6.8.0-1036-gcp #38~22.04.1-Ubuntu SMP Thu Aug 14 01:19:18 UTC 2025 x86_64
User: root (0)
PHP: 7.2.34-54+ubuntu20.04.1+deb.sury.org+1
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,
$ pwd: /snap/google-cloud-cli/396/lib/googlecloudsdk/schemas/compute/beta/
Upload Files
File: //snap/google-cloud-cli/396/lib/googlecloudsdk/schemas/compute/beta/FirewallPolicyRule.yaml
$schema: "http://json-schema.org/draft-06/schema#"

title: compute beta FirewallPolicyRule export schema
description: A gcloud export/import command YAML validation schema.
type: object
additionalProperties: false
properties:
  COMMENT:
    type: object
    description: User specified info ignored by gcloud import.
    additionalProperties: false
    properties:
      template-id:
        type: string
      region:
        type: string
      description:
        type: string
      date:
        type: string
      version:
        type: string
  UNKNOWN:
    type: array
    description: Unknown API fields that cannot be imported.
    items:
      type: string
  action:
    description: |-
      The Action to perform when the client connection triggers the rule. Valid
      actions for firewall rules are: "allow", "deny",
      "apply_security_profile_group" and "goto_next". Valid actions for packet
      mirroring rules are: "mirror", "do_not_mirror" and "goto_next".
    type: string
  description:
    description: An optional description for this resource.
    type: string
  direction:
    description: The direction in which this rule applies.
    type: string
    enum:
    - EGRESS
    - INGRESS
  disabled:
    description: |-
      Denotes whether the firewall policy rule is disabled. When set to true,
      the firewall policy rule is not enforced and traffic behaves as if it did
      not exist. If this is unspecified, the firewall policy rule will be
      enabled.
    type: boolean
  enableLogging:
    description: |-
      Denotes whether to enable logging for a particular rule. If logging is
      enabled, logs will be exported to the configured export destination in
      Stackdriver. Logs may be exported to BigQuery or Pub/Sub.
    type: boolean
  kind:
    description: |-
      [Output only] Type of the resource. Returns compute#firewallPolicyRule for
      firewall rules and compute#packetMirroringRule for packet mirroring rules.
    type: string
  match:
    description: |-
      A match condition that incoming traffic is evaluated against. If it
      evaluates to true, the corresponding 'action' is enforced.
    $ref: FirewallPolicyRuleMatcher.yaml
  priority:
    description: |-
      An integer indicating the priority of a rule in the list. The priority
      must be a positive value between 0 and 2147483647. Rules are evaluated
      from highest to lowest priority where 0 is the highest priority and
      2147483647 is the lowest priority.
    type: integer
  ruleName:
    description: |-
      An optional name for the rule. This field is not a unique identifier and
      can be updated.
    type: string
  ruleTupleCount:
    description: |-
      [Output Only] Calculation of the complexity of a single firewall policy
      rule.
    type: integer
  securityProfileGroup:
    description: |-
      A fully-qualified URL of a SecurityProfile resource instance. Example:
      https://networksecurity.googleapis.com/v1/projects/{p
      roject}/locations/{location}/securityProfileGroups/my-security-profile-
      group Must be specified if action is one of 'apply_security_profile_group'
      or 'mirror'. Cannot be specified for other actions.
    type: string
  targetResources:
    description: |-
      A list of network resource URLs to which this rule applies. This field
      allows you to control which network's VMs get this rule. If this field is
      left blank, all VMs within the organization will receive the rule.
    type: array
    items:
      type: string
  targetSecureTags:
    description: |-
      A list of secure tags that controls which instances the firewall rule
      applies to. If targetSecureTag are specified, then the firewall rule
      applies only to instances in the VPC network that have one of those
      EFFECTIVE secure tags, if all the target_secure_tag are in INEFFECTIVE
      state, then this rule will be ignored. targetSecureTag may not be set
      at the same time as targetServiceAccounts. If neither
      targetServiceAccounts nor targetSecureTag are specified, the firewall
      rule applies to all instances on the specified network. Maximum number
      of target label tags allowed is 256.
    type: array
    items:
      $ref: FirewallPolicyRuleSecureTag.yaml
  targetServiceAccounts:
    description: |-
      A list of service accounts indicating the sets of instances that
      are applied with this rule.
    type: array
    items:
      type: string
  tlsInspect:
    description: |-
      Boolean flag indicating if the traffic should be TLS
      decrypted. Can be set only if action =
      'apply_security_profile_group' and cannot be set for other
      actions.
    type: boolean
@ Telegram