GCP MCP

Overview Schema Related Servers Score Discussions

create_firewall_rule

Create a firewall rule in a GCP project to control traffic direction, specify allowed or denied protocols, and define source or destination ranges for network security.

Instructions

    Create a firewall rule in a GCP project.
    
    Args:
        project_id: The ID of the GCP project
        name: The name of the firewall rule
        network: The name of the network to create the firewall rule for
        direction: The direction of traffic to match ('INGRESS' or 'EGRESS')
        priority: The priority of the rule (lower number = higher priority, 0-65535)
        source_ranges: Optional list of source IP ranges (for INGRESS)
        destination_ranges: Optional list of destination IP ranges (for EGRESS)
        allowed_protocols: Optional list of allowed protocols, e.g. [{"IPProtocol": "tcp", "ports": ["80", "443"]}]
        denied_protocols: Optional list of denied protocols, e.g. [{"IPProtocol": "tcp", "ports": ["22"]}]
        target_tags: Optional list of target instance tags
        source_tags: Optional list of source instance tags (for INGRESS)
        description: Optional description for the firewall rule
    
    Returns:
        Result of the firewall rule creation

Input Schema

TableJSON Schema

Name	Required	Description	Default
`allowed_protocols`	No
`denied_protocols`	No
`description`	No
`destination_ranges`	No
`direction`	Yes
`name`	Yes
`network`	Yes
`priority`	Yes
`project_id`	Yes
`source_ranges`	No
`source_tags`	No
`target_tags`	No

Implementation Reference

src/gcp_mcp/gcp_modules/networking/tools.py:179-276 (handler)

The handler function decorated with @mcp.tool() that implements the logic to create a GCP firewall rule using the Compute Engine FirewallsClient. Includes type hints and docstring defining the input schema.

    @mcp.tool()
    def create_firewall_rule(project_id: str, name: str, network: str, direction: str, priority: int, 
                           source_ranges: Optional[List[str]] = None, destination_ranges: Optional[List[str]] = None,
                           allowed_protocols: Optional[List[Dict[str, Any]]] = None, denied_protocols: Optional[List[Dict[str, Any]]] = None,
                           target_tags: Optional[List[str]] = None, source_tags: Optional[List[str]] = None, 
                           description: Optional[str] = None) -> str:
        """
        Create a firewall rule in a GCP project.
        
        Args:
            project_id: The ID of the GCP project
            name: The name of the firewall rule
            network: The name of the network to create the firewall rule for
            direction: The direction of traffic to match ('INGRESS' or 'EGRESS')
            priority: The priority of the rule (lower number = higher priority, 0-65535)
            source_ranges: Optional list of source IP ranges (for INGRESS)
            destination_ranges: Optional list of destination IP ranges (for EGRESS)
            allowed_protocols: Optional list of allowed protocols, e.g. [{"IPProtocol": "tcp", "ports": ["80", "443"]}]
            denied_protocols: Optional list of denied protocols, e.g. [{"IPProtocol": "tcp", "ports": ["22"]}]
            target_tags: Optional list of target instance tags
            source_tags: Optional list of source instance tags (for INGRESS)
            description: Optional description for the firewall rule
        
        Returns:
            Result of the firewall rule creation
        """
        try:
            from google.cloud import compute_v1
            
            # Initialize the Compute Engine client for firewall
            client = compute_v1.FirewallsClient()
            
            # Create the firewall resource
            firewall = compute_v1.Firewall()
            firewall.name = name
            firewall.network = f"projects/{project_id}/global/networks/{network}"
            firewall.direction = direction
            firewall.priority = priority
            
            if description:
                firewall.description = description
            
            # Set source/destination ranges based on direction
            if direction == "INGRESS" and source_ranges:
                firewall.source_ranges = source_ranges
            elif direction == "EGRESS" and destination_ranges:
                firewall.destination_ranges = destination_ranges
            
            # Set allowed protocols
            if allowed_protocols:
                firewall.allowed = []
                for protocol in allowed_protocols:
                    allowed = compute_v1.Allowed()
                    allowed.I_p_protocol = protocol["IPProtocol"]
                    if "ports" in protocol:
                        allowed.ports = protocol["ports"]
                    firewall.allowed.append(allowed)
            
            # Set denied protocols
            if denied_protocols:
                firewall.denied = []
                for protocol in denied_protocols:
                    denied = compute_v1.Denied()
                    denied.I_p_protocol = protocol["IPProtocol"]
                    if "ports" in protocol:
                        denied.ports = protocol["ports"]
                    firewall.denied.append(denied)
            
            # Set target tags
            if target_tags:
                firewall.target_tags = target_tags
            
            # Set source tags
            if source_tags and direction == "INGRESS":
                firewall.source_tags = source_tags
            
            # Create the firewall rule
            operation = client.insert(project=project_id, firewall_resource=firewall)
            
            return f"""
Firewall rule creation initiated:
- Name: {name}
- Network: {network}
- Direction: {direction}
- Priority: {priority}
- Description: {description or 'None'}
- Source Ranges: {source_ranges or 'None'}
- Destination Ranges: {destination_ranges or 'None'}
- Allowed Protocols: {allowed_protocols or 'None'}
- Denied Protocols: {denied_protocols or 'None'}
- Target Tags: {target_tags or 'None'}
- Source Tags: {source_tags or 'None'}

Operation ID: {operation.id}
Status: {operation.status}
"""
        except Exception as e:
            return f"Error creating firewall rule: {str(e)}"

src/gcp_mcp/server.py:48-48 (registration)
The call to register_tools on the networking tools module, which executes the @mcp.tool() decorators to register the create_firewall_rule tool with the MCP server.
```
networking_tools.register_tools(mcp)
```

Tool Definition Quality

B3.3/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden for behavioral disclosure. It states this is a creation operation, implying mutation, but doesn't mention required permissions, whether it's idempotent, potential side effects (e.g., network security changes), rate limits, or what happens on failure. The return statement is vague ('Result of the firewall rule creation'). For a mutation tool with zero annotation coverage, this is insufficient.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured with clear sections (purpose, args, returns) and uses bullet-like formatting for parameters. Every sentence earns its place by providing essential information. It could be slightly more concise by avoiding the boilerplate 'Args:' and 'Returns:' labels, but overall it's efficient and front-loaded.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity (12 parameters, mutation operation, no annotations, no output schema), the description is partially complete. It excels at parameter documentation but lacks crucial behavioral context like permissions, side effects, error handling, and return value details. The parameter coverage is excellent, but other aspects are underdeveloped for a tool of this complexity.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters5/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The description provides excellent parameter semantics beyond the schema. With 0% schema description coverage, the description compensates fully by explaining all 12 parameters, including optional/required status, data types, examples (e.g., for allowed_protocols), and conditional relationships (e.g., source_ranges for INGRESS, destination_ranges for EGRESS). This adds substantial value beyond the bare schema.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('Create a firewall rule') and resource ('in a GCP project'), which is specific and unambiguous. However, it doesn't differentiate from sibling tools like 'list_firewall_rules' or mention any unique aspects of this creation operation beyond the basic verb+resource.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

No guidance is provided on when to use this tool versus alternatives. There's no mention of prerequisites (e.g., network must exist), when not to use it, or how it relates to sibling tools like 'list_firewall_rules' or other GCP management tools. The description only states what it does, not when to use it.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Related Tools

list_firewall_rulesB
@henihaddad/gcp-mcp
VPS_createFirewallRuleV1A
@hostinger/api-mcp-server
cloudflare-dns-mcp_create_security_ruleC
@jeffgolden/cloudflare_mcp
create_firewall_ruleC
@phantosmax/cloudstack-mcp-server
create_firewall_ruleC
@vespo92/OPNSenseMCP
create_firewall_presetC
@vespo92/OPNSenseMCP

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/henihaddad/gcp-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server