create_firewall_rule
Create a firewall rule in a GCP project to control traffic direction, specify allowed or denied protocols, and define source or destination ranges for network security.
Instructions
Create a firewall rule in a GCP project.
Args:
project_id: The ID of the GCP project
name: The name of the firewall rule
network: The name of the network to create the firewall rule for
direction: The direction of traffic to match ('INGRESS' or 'EGRESS')
priority: The priority of the rule (lower number = higher priority, 0-65535)
source_ranges: Optional list of source IP ranges (for INGRESS)
destination_ranges: Optional list of destination IP ranges (for EGRESS)
allowed_protocols: Optional list of allowed protocols, e.g. [{"IPProtocol": "tcp", "ports": ["80", "443"]}]
denied_protocols: Optional list of denied protocols, e.g. [{"IPProtocol": "tcp", "ports": ["22"]}]
target_tags: Optional list of target instance tags
source_tags: Optional list of source instance tags (for INGRESS)
description: Optional description for the firewall rule
Returns:
Result of the firewall rule creation
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| allowed_protocols | No | ||
| denied_protocols | No | ||
| description | No | ||
| destination_ranges | No | ||
| direction | Yes | ||
| name | Yes | ||
| network | Yes | ||
| priority | Yes | ||
| project_id | Yes | ||
| source_ranges | No | ||
| source_tags | No | ||
| target_tags | No |
Implementation Reference
- The handler function decorated with @mcp.tool() that implements the logic to create a GCP firewall rule using the Compute Engine FirewallsClient. Includes type hints and docstring defining the input schema.
@mcp.tool() def create_firewall_rule(project_id: str, name: str, network: str, direction: str, priority: int, source_ranges: Optional[List[str]] = None, destination_ranges: Optional[List[str]] = None, allowed_protocols: Optional[List[Dict[str, Any]]] = None, denied_protocols: Optional[List[Dict[str, Any]]] = None, target_tags: Optional[List[str]] = None, source_tags: Optional[List[str]] = None, description: Optional[str] = None) -> str: """ Create a firewall rule in a GCP project. Args: project_id: The ID of the GCP project name: The name of the firewall rule network: The name of the network to create the firewall rule for direction: The direction of traffic to match ('INGRESS' or 'EGRESS') priority: The priority of the rule (lower number = higher priority, 0-65535) source_ranges: Optional list of source IP ranges (for INGRESS) destination_ranges: Optional list of destination IP ranges (for EGRESS) allowed_protocols: Optional list of allowed protocols, e.g. [{"IPProtocol": "tcp", "ports": ["80", "443"]}] denied_protocols: Optional list of denied protocols, e.g. [{"IPProtocol": "tcp", "ports": ["22"]}] target_tags: Optional list of target instance tags source_tags: Optional list of source instance tags (for INGRESS) description: Optional description for the firewall rule Returns: Result of the firewall rule creation """ try: from google.cloud import compute_v1 # Initialize the Compute Engine client for firewall client = compute_v1.FirewallsClient() # Create the firewall resource firewall = compute_v1.Firewall() firewall.name = name firewall.network = f"projects/{project_id}/global/networks/{network}" firewall.direction = direction firewall.priority = priority if description: firewall.description = description # Set source/destination ranges based on direction if direction == "INGRESS" and source_ranges: firewall.source_ranges = source_ranges elif direction == "EGRESS" and destination_ranges: firewall.destination_ranges = destination_ranges # Set allowed protocols if allowed_protocols: firewall.allowed = [] for protocol in allowed_protocols: allowed = compute_v1.Allowed() allowed.I_p_protocol = protocol["IPProtocol"] if "ports" in protocol: allowed.ports = protocol["ports"] firewall.allowed.append(allowed) # Set denied protocols if denied_protocols: firewall.denied = [] for protocol in denied_protocols: denied = compute_v1.Denied() denied.I_p_protocol = protocol["IPProtocol"] if "ports" in protocol: denied.ports = protocol["ports"] firewall.denied.append(denied) # Set target tags if target_tags: firewall.target_tags = target_tags # Set source tags if source_tags and direction == "INGRESS": firewall.source_tags = source_tags # Create the firewall rule operation = client.insert(project=project_id, firewall_resource=firewall) return f""" Firewall rule creation initiated: - Name: {name} - Network: {network} - Direction: {direction} - Priority: {priority} - Description: {description or 'None'} - Source Ranges: {source_ranges or 'None'} - Destination Ranges: {destination_ranges or 'None'} - Allowed Protocols: {allowed_protocols or 'None'} - Denied Protocols: {denied_protocols or 'None'} - Target Tags: {target_tags or 'None'} - Source Tags: {source_tags or 'None'} Operation ID: {operation.id} Status: {operation.status} """ except Exception as e: return f"Error creating firewall rule: {str(e)}" - src/gcp_mcp/server.py:48-48 (registration)The call to register_tools on the networking tools module, which executes the @mcp.tool() decorators to register the create_firewall_rule tool with the MCP server.
networking_tools.register_tools(mcp)