ExternalAccessRule
import type { ExternalAccessRule } from "https://googleapis.deno.dev/v1/vmwareengine:v1.ts";
External access firewall rules for filtering incoming traffic destined to
ExternalAddress
resources.
§Properties
The action that the external access rule performs.
If destination ranges are specified, the external access rule applies only
to the traffic that has a destination IP address in these ranges. The
specified IP addresses must have reserved external IP addresses in the
scope of the parent network policy. To match all external IP addresses in
the scope of the parent network policy, specify 0.0.0.0/0
. To match a
specific external IP address, specify it using the
IpRange.external_address
property.
A list of destination ports to which the external access rule applies.
This field is only applicable for the UDP or TCP protocol. Each entry must
be either an integer or a range. For example: ["22"]
, ["80","443"]
, or
["12345-12349"]
. To match all destination ports, specify ["0-65535"]
.
The IP protocol to which the external access rule applies. This value can
be one of the following three protocol strings (not case-sensitive): tcp
,
udp
, or icmp
.
Output only. The resource name of this external access rule. Resource
names are schemeless URIs that follow the conventions in
https://cloud.google.com/apis/design/resource_names. For example:
projects/my-project/locations/us-central1/networkPolicies/my-policy/externalAccessRules/my-rule
External access rule priority, which determines the external access rule
to use when multiple rules apply. If multiple rules have the same priority,
their ordering is non-deterministic. If specific ordering is required,
assign unique priorities to enforce such ordering. The external access rule
priority is an integer from 100 to 4096, both inclusive. Lower integers
indicate higher precedence. For example, a rule with priority 100
has
higher precedence than a rule with priority 101
.
If source ranges are specified, the external access rule applies only to
traffic that has a source IP address in these ranges. These ranges can
either be expressed in the CIDR format or as an IP address. As only inbound
rules are supported, ExternalAddress
resources cannot be the source IP
addresses of an external access rule. To match all source addresses,
specify 0.0.0.0/0
.
A list of source ports to which the external access rule applies. This
field is only applicable for the UDP or TCP protocol. Each entry must be
either an integer or a range. For example: ["22"]
, ["80","443"]
, or
["12345-12349"]
. To match all source ports, specify ["0-65535"]
.