Class FirewallPolicyRuleMatcher (1.20.0)

FirewallPolicyRuleMatcher(mapping=None, *, ignore_unknown_fields=False, **kwargs)

Represents a match condition that incoming traffic is evaluated against. Exactly one field must be specified.

Attributes

Name Description
dest_address_groups MutableSequence[str]
Address groups which should be matched against the traffic destination. Maximum number of destination address groups is 10.
dest_fqdns MutableSequence[str]
Fully Qualified Domain Name (FQDN) which should be matched against traffic destination. Maximum number of destination fqdn allowed is 100.
dest_ip_ranges MutableSequence[str]
CIDR IP address range. Maximum number of destination CIDR IP ranges allowed is 5000.
dest_region_codes MutableSequence[str]
Region codes whose IP addresses will be used to match for destination of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of dest region codes allowed is 5000.
dest_threat_intelligences MutableSequence[str]
Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic destination.
layer4_configs MutableSequence[google.cloud.compute_v1.types.FirewallPolicyRuleMatcherLayer4Config]
Pairs of IP protocols and ports that the rule should match.
src_address_groups MutableSequence[str]
Address groups which should be matched against the traffic source. Maximum number of source address groups is 10.
src_fqdns MutableSequence[str]
Fully Qualified Domain Name (FQDN) which should be matched against traffic source. Maximum number of source fqdn allowed is 100.
src_ip_ranges MutableSequence[str]
CIDR IP address range. Maximum number of source CIDR IP ranges allowed is 5000.
src_region_codes MutableSequence[str]
Region codes whose IP addresses will be used to match for source of traffic. Should be specified as 2 letter country code defined as per ISO 3166 alpha-2 country codes. ex."US" Maximum number of source region codes allowed is 5000.
src_secure_tags MutableSequence[google.cloud.compute_v1.types.FirewallPolicyRuleSecureTag]
List of secure tag values, which should be matched at the source of the traffic. For INGRESS rule, if all the srcSecureTag are INEFFECTIVE, and there is no srcIpRange, this rule will be ignored. Maximum number of source tag values allowed is 256.
src_threat_intelligences MutableSequence[str]
Names of Network Threat Intelligence lists. The IPs in these lists will be matched against traffic source.