Anthropic-Cybersecurity-Skills/skills/implementing-gcp-vpc-firewall-rules/references/api-reference.md
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00


# API Reference: Implementing GCP VPC Firewall Rules
## Libraries
### google-cloud-compute
- **Install**: `pip install google-cloud-compute`
- **Docs**: https://cloud.google.com/python/docs/reference/compute/latest
### Key Classes and Methods
All arguments are keyword-only (`client.list(project="my-project")`, not `client.list("my-project")`). `insert`, `patch` and `delete` return an `ExtendedOperation`; call `.result()` on it to block until the change is actually enforced on the network.
| Class | Method | Description |
|-------|--------|-------------|
| `FirewallsClient` | `list(project=...)` | List all firewall rules in the project (returns a pager) |
| `FirewallsClient` | `get(project=..., firewall=...)` | Get one rule by name |
| `FirewallsClient` | `insert(project=..., firewall_resource=...)` | Create a rule (long-running operation) |
| `FirewallsClient` | `patch(project=..., firewall=..., firewall_resource=...)` | Update only the fields set in `firewall_resource` |
| `FirewallsClient` | `delete(project=..., firewall=...)` | Delete a rule (long-running operation) |
| `NetworksClient` | `list(project=...)` | List VPC networks |
| `NetworksClient` | `get_effective_firewalls(project=..., network=...)` | Rules that actually apply to a network, including hierarchical firewall policy rules |
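As an added example (not code from the skill or from Google's client library), the following builds a tag-scoped, logged SSH rule as a plain mapping, creates it with `FirewallsClient.insert`, waits on the returned operation, and later disables it with `patch` instead of deleting it. The project id, network name, CIDR and tag are placeholders; the client calls assume `google-cloud-compute` is installed and Application Default Credentials are available, which is why the SDK import sits inside the functions that need it (the rule builder runs without the SDK).

```python
"""Create and later disable a VPC firewall rule with google-cloud-compute.

Added example; PROJECT, NETWORK, the CIDR list and the tag are placeholders.
The Firewall resource is written as a mapping using the client's own field
names (snake_case; the protocol field of an `allowed` entry is `I_p_protocol`),
which `compute_v1.Firewall(mapping)` converts into the proto message.
"""


def build_ssh_rule(name, network, source_cidrs, target_tag, priority=1000):
    """Return a Firewall resource mapping for tcp/22 from the given CIDRs.

    The rule is scoped with `target_tags` so it only reaches instances that
    carry the tag (omitting target_tags would apply it to every instance in
    the network), and logging is switched on so hits land in Cloud Logging.
    """
    if not source_cidrs:
        # With no source_ranges and no source_tags GCP treats the source as
        # 0.0.0.0/0, so refuse rather than silently open SSH to the internet.
        raise ValueError("source_cidrs must not be empty")
    return {
        "name": name,
        "network": f"global/networks/{network}",
        "direction": "INGRESS",
        "priority": priority,
        "allowed": [{"I_p_protocol": "tcp", "ports": ["22"]}],
        "source_ranges": list(source_cidrs),
        "target_tags": [target_tag],
        "log_config": {"enable": True},
    }


def create_firewall(project, rule):
    """Insert the rule, wait for the operation, and return the stored resource."""
    from google.cloud import compute_v1  # assumes google-cloud-compute + ADC

    client = compute_v1.FirewallsClient()
    operation = client.insert(
        project=project, firewall_resource=compute_v1.Firewall(rule)
    )
    operation.result()  # insert is asynchronous; block until it is enforced
    return client.get(project=project, firewall=rule["name"])


def disable_firewall(project, name):
    """Disable a rule in place; patch only touches the fields that are set."""
    from google.cloud import compute_v1  # assumes google-cloud-compute + ADC

    client = compute_v1.FirewallsClient()
    operation = client.patch(
        project=project,
        firewall=name,
        firewall_resource=compute_v1.Firewall(disabled=True),
    )
    operation.result()
    return client.get(project=project, firewall=name).disabled


if __name__ == "__main__":
    rule = build_ssh_rule(
        "allow-ssh-from-corp", "prod-vpc", ["10.0.0.0/8"], "bastion"
    )
    created = create_firewall("my-project", rule)          # placeholder project
    print(created.name, created.priority, created.log_config.enable)
    print("disabled:", disable_firewall("my-project", rule["name"]))
```

Disabling rather than deleting keeps the rule's history and lets you re-enable it with `compute_v1.Firewall(disabled=False)` if the change turns out to break something; `patch` leaves every field you did not set untouched, whereas `update` replaces the whole resource.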
### Firewall Rule Object Fields
- `name` -- Rule name, unique per project (lowercase letters, digits and hyphens)
- `network` -- VPC network path, e.g. `global/networks/NETWORK`
- `direction` -- `INGRESS` or `EGRESS`
- `priority` -- 0 (highest) to 65535 (lowest); defaults to 1000 when omitted
- `allowed[]` -- Entries of `I_p_protocol` (`tcp`, `udp`, `icmp`, `all`, ...) plus optional `ports` (`"22"`, `"8000-8080"`); no `ports` means every port of that protocol
- `denied[]` -- Same shape as `allowed[]`; a rule carries either `allowed` or `denied`, never both
- `source_ranges[]` -- Source CIDRs for ingress rules. If neither `source_ranges` nor `source_tags` (nor `source_service_accounts`) is set, the rule applies to every source, i.e. `0.0.0.0/0`
- `destination_ranges[]` -- Destination CIDRs for egress rules
- `target_tags[]` -- Network tags selecting the instances the rule applies to; if neither `target_tags` nor `target_service_accounts` is set, the rule applies to every instance in the network
- `source_tags[]` -- Match ingress traffic by the source instance's network tag (same network only); tag fields cannot be mixed with service-account fields in one rule
- `disabled` -- Boolean; a disabled rule is skipped during evaluation but kept in the project
- `log_config.enable` -- Send rule hits to Cloud Logging; only TCP and UDP connections are logged
## Priority Ranges (Best Practice)
The lowest number wins; when an allow rule and a deny rule match the same traffic at the same priority, the deny rule is applied. The tiers below are a convention for this skill, not something GCP enforces; GCP itself only defines the two implied rules at 65535.
- 0-999: Emergency/override rules
- 1000-9999: Organization policies (1000 is the default priority of a rule created without one)
- 10000-49999: Application-specific rules
- 50000-64999: Default deny rules
- 65535: Implied rules GCP adds to every VPC network: allow all egress to `0.0.0.0/0` and deny all ingress. They cannot be deleted or edited, only overridden by user rules with a higher priority (lower number)
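To make the field semantics and the priority rules above concrete, here is an added example (written for this page, not part of the skill) that evaluates which rule GCP would apply to a given ingress packet, and that flags enabled allow rules exposing SSH or RDP to the whole internet. It works on rules in the JSON shape that `gcloud compute firewall-rules list --format=json` returns (`sourceRanges`, `targetTags`, `allowed[].IPProtocol`, ...); the rule set is constructed, the two implied rules are modelled explicitly, and matching by `sourceTags`/service account is out of scope (it needs the source instance's own tags).

```python
"""Decide which VPC firewall rule wins for an ingress packet; flag over-broad rules.

Added example operating on constructed rules in gcloud's JSON output shape.
No GCP API is called. Only IPv4 source ranges are modelled.
"""
import ipaddress

# GCP adds these two rules to every VPC network. They sit at the lowest
# priority (65535) and cannot be deleted, so any matching user rule wins.
IMPLIED_RULES = [
    {"name": "implied-allow-egress", "direction": "EGRESS", "priority": 65535,
     "allowed": [{"IPProtocol": "all"}], "destinationRanges": ["0.0.0.0/0"]},
    {"name": "implied-deny-ingress", "direction": "INGRESS", "priority": 65535,
     "denied": [{"IPProtocol": "all"}], "sourceRanges": ["0.0.0.0/0"]},
]

# Constructed sample rules for a fictitious project.
SAMPLE_RULES = [
    {"name": "allow-ssh-from-corp", "direction": "INGRESS", "priority": 1000,
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}],
     "sourceRanges": ["10.0.0.0/8"], "targetTags": ["bastion"],
     "logConfig": {"enable": True}},
    {"name": "deny-ssh-from-guest-wifi", "direction": "INGRESS", "priority": 900,
     "denied": [{"IPProtocol": "tcp", "ports": ["22"]}],
     "sourceRanges": ["10.200.0.0/16"]},        # no targetTags: every instance
    {"name": "allow-web", "direction": "INGRESS", "priority": 1000,
     "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}],
     "sourceRanges": ["0.0.0.0/0"], "targetTags": ["web"]},
    {"name": "allow-rdp-anywhere", "direction": "INGRESS", "priority": 1000,
     "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}],
     "sourceRanges": ["0.0.0.0/0"]},            # internet -> every instance
    {"name": "old-deny-all-ssh", "direction": "INGRESS", "priority": 100,
     "disabled": True,                           # kept but never evaluated
     "denied": [{"IPProtocol": "tcp", "ports": ["22"]}],
     "sourceRanges": ["0.0.0.0/0"]},
]

ADMIN_PORTS = (22, 3389)


def _port_in_spec(port, specs):
    """True if port is covered by any "N" or "N-M" entry; no ports = all ports."""
    if not specs:
        return True
    for spec in specs:
        lo, _, hi = spec.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def _matches_protocol_port(entries, protocol, port):
    for entry in entries:
        proto = entry.get("IPProtocol", "").lower()
        if proto == "all" or (proto == protocol and _port_in_spec(port, entry.get("ports"))):
            return True
    return False


def _effective_source_ranges(rule):
    ranges = rule.get("sourceRanges") or []
    # A rule with neither sourceRanges nor sourceTags applies to every source.
    if not ranges and not rule.get("sourceTags"):
        ranges = ["0.0.0.0/0"]
    return ranges


def _source_matches(rule, src_ip):
    addr = ipaddress.ip_address(src_ip)
    return any(addr in ipaddress.ip_network(r, strict=False)
               for r in _effective_source_ranges(rule))


def _targets_instance(rule, instance_tags):
    tags = rule.get("targetTags")
    return not tags or bool(set(tags) & set(instance_tags))  # no tags = all instances


def evaluate_ingress(rules, src_ip, protocol, port, instance_tags=()):
    """Return (rule_name, action) for the rule GCP applies to this ingress packet."""
    best = None
    for rule in list(rules) + IMPLIED_RULES:
        if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
            continue
        if not (_targets_instance(rule, instance_tags) and _source_matches(rule, src_ip)):
            continue
        if _matches_protocol_port(rule.get("allowed", []), protocol, port):
            action = "allow"
        elif _matches_protocol_port(rule.get("denied", []), protocol, port):
            action = "deny"
        else:
            continue
        # Lowest number wins; on an exact tie GCP applies the deny rule.
        key = (rule["priority"], 0 if action == "deny" else 1)
        if best is None or key < best[0]:
            best = (key, rule["name"], action)
    return (best[1], best[2]) if best else (None, "deny")


def internet_exposed_admin_rules(rules):
    """Names of enabled ingress allow rules opening SSH or RDP to any IPv4 source."""
    flagged = []
    for rule in rules:
        if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
            continue
        world = any(ipaddress.ip_network(r, strict=False).prefixlen == 0
                    for r in _effective_source_ranges(rule))
        if world and any(_matches_protocol_port(rule.get("allowed", []), "tcp", p)
                         for p in ADMIN_PORTS):
            flagged.append(rule["name"])
    return flagged


if __name__ == "__main__":
    print(evaluate_ingress(SAMPLE_RULES, "10.200.5.5", "tcp", 22, ["bastion"]))
    print(internet_exposed_admin_rules(SAMPLE_RULES))
```

The `deny-ssh-from-guest-wifi` rule shows why priority matters more than rule order: it beats `allow-ssh-from-corp` for 10.200.0.0/16 only because 900 is a lower number than 1000, and the disabled `old-deny-all-ssh` at priority 100 never takes part. The audit function applies the same source-range defaulting as the evaluator, so a rule created with no `sourceRanges` at all is reported as internet-exposed, which is exactly the mistake the defaulting makes easy.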
## gcloud CLI Equivalents
- `gcloud compute firewall-rules list`
- `gcloud compute firewall-rules describe NAME`
- `gcloud compute firewall-rules create NAME --network NETWORK --allow tcp:22 --source-ranges 10.0.0.0/8 --target-tags bastion --enable-logging` (omit `--network` and the rule lands in the `default` network; omit both `--source-ranges` and `--source-tags` and the source defaults to `0.0.0.0/0`; omit `--target-tags` and every instance in the network is targeted)
- `gcloud compute firewall-rules delete NAME`
- `gcloud compute firewall-rules update NAME --disabled` (re-enable with `--no-disabled`)
## Hierarchical Firewall Policies
- Hierarchical policies are `compute.firewallPolicies` resources created under an organization or a folder (`gcloud compute firewall-policies create --organization ORG_ID` or `--folder FOLDER_ID`)
- A policy only takes effect once it is associated with an organization or folder: `compute.firewallPolicies.addAssociation` / `gcloud compute firewall-policies associations create`
- Evaluation order: organization policy rules, then folder policy rules (top-down through the resource hierarchy), then the project's VPC firewall rules. A hierarchical rule whose action is `goto_next` hands the decision to the next level; an `allow` or `deny` higher up is final and cannot be overridden by a VPC rule
- `gcloud compute networks get-effective-firewalls NETWORK` (API: `networks.getEffectiveFirewalls`) shows the merged set of policy rules and VPC rules that actually applies
## External References
- VPC Firewall Rules: https://cloud.google.com/vpc/docs/firewalls
- Firewall Policies: https://cloud.google.com/vpc/docs/firewall-policies
- VPC Flow Logs: https://cloud.google.com/vpc/docs/using-flow-logs
- Cloud Armor WAF: https://cloud.google.com/armor/docs