gcloud alpha compute network-policies traffic-classification-rules create

NAME
gcloud alpha compute network-policies traffic-classification-rules create - creates a Compute Engine network policy rule
SYNOPSIS
gcloud alpha compute network-policies traffic-classification-rules create --action=ACTION --dest-ip-ranges=[DEST_IP_RANGE,…] --dscp-mode=DSCP_MODE --layer4-configs=[LAYER4_CONFIG,…] --network-policy=NETWORK_POLICY --priority=PRIORITY --traffic-class=TRAFFIC_CLASS [--description=DESCRIPTION] [--[no-]disabled] [--dscp-value=DSCP_VALUE] [--name=NAME] [--network-policy-region=NETWORK_POLICY_REGION] [--src-ip-ranges=[SRC_IP_RANGE,…]] [--target-secure-tags=[TARGET_SECURE_TAGS,…]] [--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,…]] [GCLOUD_WIDE_FLAG]
DESCRIPTION
(ALPHA) gcloud alpha compute network-policies traffic-classification-rules create is used to create network policy rules.
EXAMPLES
To create a traffic classification rule with priority 10 in a network policy with name my-policy and description example rule, in region region-a, run: 
gcloud alpha compute network-policies traffic-classification-rules create --priority=10 --action=apply_traffic_classification --network-policy=my-policy --network-policy-region=region-a --dest-ip-ranges=11.0.0.0/8 --description="example rule" --traffic-class tc1 --dscp-mode custom --dscp-value 3 --layer4-configs=tcp:80,udp
REQUIRED FLAGS
--action=ACTION
Action to take if the request matches the match condition. ACTION must be (only one value is supported): apply_traffic_classification.
--dest-ip-ranges=[DEST_IP_RANGE,…]
Destination IP ranges to match for this rule.
--dscp-mode=DSCP_MODE
When set to AUTO, the DSCP value will be picked automatically based on selected traffic class. Otherwise, DSCP value must be specified. DSCP_MODE must be one of: auto, custom.
--layer4-configs=[LAYER4_CONFIG,…]
A list of destination protocols and ports to which the network policy rule will apply.
--network-policy=NETWORK_POLICY
Network policy ID with which to create rule.
--priority=PRIORITY
Priority of the rule to be added. Valid in [1, 2147482547].
--traffic-class=TRAFFIC_CLASS
The traffic class that be applied to matching packet. TRAFFIC_CLASS must be one of: tc1, tc2, tc3, tc4, tc5, tc6.
OPTIONAL FLAGS
--description=DESCRIPTION
An optional, textual description for the rule.
--[no-]disabled
Use this flag to disable the rule. Disabled rules will not affect traffic. Use --disabled to enable and --no-disabled to disable.
--dscp-value=DSCP_VALUE
Custom DSCP value from 0-63 range.
--name=NAME
An optional name for the network policy rule.
--network-policy-region=NETWORK_POLICY_REGION
Region of the network policy to create. Overrides the default compute/region property value for this command invocation.
--src-ip-ranges=[SRC_IP_RANGE,…]
CIDR IP address range.
--target-secure-tags=[TARGET_SECURE_TAGS,…]
An optional, list of target secure tags with a name of the format tagValues/ or full namespaced name
--target-service-accounts=[TARGET_SERVICE_ACCOUNTS,…]
List of target service accounts for the rule.
GCLOUD WIDE FLAGS
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.

Run $ gcloud help for details.

NOTES
This command is currently in alpha and might change without notice. If this command fails with API permission errors despite specifying the correct project, you might be trying to access an API with an invitation-only early access allowlist.