Here’s another way to create a firewall in GCP using network tag as targets.
gcloud compute firewall-rules create "firewall-name" \
--description="egress rule to allow port 8000 to destination" \
--priority "1000" \
--direction EGRESS \
--action allow \
--network "your-network" \
--target-tags="your-network-tag" \
--destination-ranges="10.0.0.1/32" \
--rules tcp:8000