I am trying to create an egress firewall rule to open specific destination IPs. Here is what I do for only one destination range:

gcloud compute firewall-rules create my-egress \
    --network ${NETWORK_NAME} \
    --action allow \
    --rules all \
    --direction egress \
    --destination-ranges 43.249.72.0/22 \
    --priority 1000

My question is how to have a list of IP ranges instead of just one (here instead of 43.249.72.0/22, I want 23.235.32.0/20, 43.249.72.0/22 for example)?

Ala Tarighati
  • Did you delete the default rule which allows egress? Be careful with egress rules. You can break your VMs. Edit your question with details on what you are trying to accomplish. – John Hanley Apr 21 '22 at 09:36

1 Answer

After some trial-and-error I found something useful here: https://cloud.google.com/sdk/gcloud/reference/compute/firewall-rules/create

It seems you need to put it inside "", without spaces, separated by commas.

gcloud compute firewall-rules create my-egress \
    --network ${NETWORK_NAME} \
    --action allow \
    --rules all \
    --direction egress \
    --destination-ranges "43.249.72.0/22,23.235.32.0/20" \
    --priority 1000
Ala Tarighati
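
As an added example (not part of the original answer): a POSIX shell helper that normalizes a list of IPv4 CIDR blocks into the comma-separated, space-free form the answer describes, rejects malformed entries, and prints the resulting command instead of running it. The function names, the rule name and the fallback network name are illustrative assumptions.

```shell
#!/bin/sh
# Added example: build the value for --destination-ranges from a CIDR list.

# valid_cidr CIDR -> status 0 if CIDR is a well-formed IPv4 a.b.c.d/len
valid_cidr() (
    case "$1" in */*/*|*/|/*) exit 1 ;; */*) ;; *) exit 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*) exit 1 ;; esac
    [ "${#len}" -le 2 ] && [ "$len" -le 32 ] || exit 1
    # exactly four dot-separated fields
    case "$addr" in *.*.*.*.*) exit 1 ;; *.*.*.*) ;; *) exit 1 ;; esac
    set -f; IFS=.; set -- $addr      # subshell: settings do not leak out
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) exit 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# join_ranges CIDR... -> prints "a,b,c": no spaces, duplicates dropped
join_ranges() (
    set -f
    out=
    for item in "$@"; do
        # accept sloppy input such as "a/22, b/20" by splitting on commas and blanks
        for cidr in $(printf '%s' "$item" | tr ',' ' '); do
            valid_cidr "$cidr" || { echo "invalid CIDR: $cidr" >&2; exit 1; }
            case ",$out," in *",$cidr,"*) continue ;; esac
            out=${out:+$out,}$cidr
        done
    done
    [ -n "$out" ] || { echo "no ranges given" >&2; exit 1; }
    printf '%s\n' "$out"
)

# egress_rule_cmd NAME NETWORK CIDR... -> prints the command (dry run only)
egress_rule_cmd() (
    name=$1; network=$2; shift 2
    ranges=$(join_ranges "$@") || exit 1
    printf 'gcloud compute firewall-rules create %s --network %s --action allow --rules all --direction egress --destination-ranges %s --priority 1000\n' \
        "$name" "$network" "$ranges"
)

# Constructed sample input using the ranges from the question
egress_rule_cmd my-egress "${NETWORK_NAME:-my-network}" "43.249.72.0/22, 23.235.32.0/20"
```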