The GCE header designation has the following format:
target:: gce [filter name] [direction]
- filter name: defines the name of the gce filter.
- direction: defines the direction, valid inputs are INGRESS and EGRESS (default:INGRESS)
- action:: The action to take when matched. See Actions section for valid options.
- comment:: A text comment enclosed in double-quotes. The comment can extend over multiple lines if desired, until a closing quote is encountered.
- destination-address:: One or more destination address tokens
- destination-exclude:: Exclude one or more address tokens from the specified destination-address
- destination-port:: One or more service definition tokens
- destination_tag:: Tag name to be used for destination filtering.
- expiration:: stop rendering this term after specified date. YYYY-MM-DD
- name:: Name of the term.
- option:: See platforms supported Options section.
- owner:: Owner of the term, used for organizational purposes.
- priority Relative priority of rules when evaluated on the platform.
- protocol:: the network protocols this term will match, such as tcp, udp, icmp, or a numeric value.
- source-address:: one or more source address tokens.
- source-exclude:: exclude one or more address tokens from the specified source-address.
- source-port:: one or more service definition tokens.
- source-service-accounts:: A service account that the term applies to.
- source-tag:: Tag name used for source filtering.
- target-service-accounts:: A service account that may make network connections.
- accept
- deny