Firewall rules are defined at the network level and apply only to the network in which they are created. To create inbound (ingress) firewall rules for a VPC network, perform the steps in this procedure.

Prerequisites

  • Ensure you have a Google account and access/login information to the Google Cloud Platform (GCP) Console.
  • Ensure you have created the VPC networks.
  • Review the firewall rule components and make sure you are familiar with how firewall rules are configured in Google Cloud.

Procedure

  1. Log on to the GCP Console.
  2. Click VPC Networks.
    The VPC Networks page appears.
  3. Click on the VPC network for which you want to add firewall rules.
    The VPC network details page for the selected VPC network appears.
  4. Go to the Firewall rules tab and click Add firewall rule.
    The Create a firewall rule page appears.
  5. In the Name textbox, enter a unique name for the firewall rule.
  6. Optionally, activate firewall logging by clicking On under Logs. By default, firewall logging is deactivated.
  7. For Direction of traffic, choose ingress.
  8. For Action on match, choose Allow or Deny.
  9. From the Targets drop-down menu, select the targets for the rule:
    • If you want the rule to apply to all instances in the network, choose All instances in the network.
    • If you want the rule to apply to selected instances by network (target) tag, choose Specified target tags, then type the tags to which the rule should apply into the Target tags textbox.
    • If you want the rule to apply to selected instances by associated service account, choose Specified service account, indicate under Service account scope whether the service account is in the current project or in another one, and choose or type the service account name in the Target service account field.
  10. From the Source filter drop-down menu, select IP ranges.
  11. In the Source IP ranges textbox, enter the CIDR blocks to define the source for incoming traffic by IP address ranges. Use 0.0.0.0/0 for a source from any network.
  12. Define the Protocols and ports to which the rule will apply:
    • Select Allow all or Deny all, depending on the action, to have the rule apply to all protocols and ports.
    • Define specific protocols and ports:
      • Select tcp to include the TCP protocol and ports. Enter all or a comma-delimited list of ports and port ranges, such as 20-22, 80, 8080.
      • Select udp to include the UDP protocol and ports. Enter all or a comma-delimited list of ports and port ranges, such as 67-69, 123.
      • Select Other protocols to include protocols such as ICMP, VCMP, SNMP, and so on, as required.
  13. (Optional) To create the firewall rule without enforcing it, set its enforcement state to deactivated: click Deactivate rule, then select Deactivate.
  14. Click Create.
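The choices made in the form above correspond one-to-one to fields of the Compute Engine API firewall resource. The following is an added example, not code from this page or from Google: it assembles that resource body from the same inputs (targets, source ranges, protocols and ports, logging, enforcement state) and lists the points a reviewer would check before clicking Create. The field names are the API's; the function names, the finding text and the sample values are assumptions.

```python
import ipaddress

def build_ingress_rule(name, network, action, source_ranges, allowed=None,
                       denied=None, target_tags=None,
                       target_service_accounts=None, logging=False,
                       disabled=False):
    """Assemble a Compute Engine API firewall body mirroring the console form.

    allowed/denied are lists of (protocol, ports) pairs such as
    ("tcp", "20-22, 80, 8080"); ports is None to mean 'all'.
    """
    if action not in ("ALLOW", "DENY"):
        raise ValueError("action must be ALLOW or DENY")
    if (action == "ALLOW") != (allowed is not None) or \
       (action == "DENY") != (denied is not None):
        raise ValueError("ALLOW rules take 'allowed', DENY rules take 'denied'")
    if target_tags and target_service_accounts:
        raise ValueError("a rule targets tags or service accounts, not both")
    for cidr in source_ranges:
        ipaddress.ip_network(cidr)  # raises ValueError on a malformed CIDR
    body = {
        "name": name,
        "network": f"global/networks/{network}",
        "direction": "INGRESS",
        "sourceRanges": list(source_ranges),
        "logConfig": {"enable": logging},
        "disabled": disabled,
    }
    key, rules = ("allowed", allowed) if action == "ALLOW" else ("denied", denied)
    # Omitting "ports" means every port of that protocol, i.e. the 'all' choice.
    body[key] = [{"IPProtocol": proto,
                  **({"ports": ports.replace(" ", "").split(",")} if ports else {})}
                 for proto, ports in rules]
    if target_tags:
        body["targetTags"] = list(target_tags)
    if target_service_accounts:
        body["targetServiceAccounts"] = list(target_service_accounts)
    return body

def review_rule(body):
    """Return the findings a reviewer would raise before creating the rule."""
    findings = []
    # A /0 source range (0.0.0.0/0) matches every address, the public internet included.
    any_source = any(ipaddress.ip_network(c).prefixlen == 0 for c in body["sourceRanges"])
    if any_source and "allowed" in body:
        open_all = any("ports" not in a for a in body["allowed"])
        findings.append("allows traffic from any address (0.0.0.0/0)"
                        + (" on all ports" if open_all else ""))
    if "targetTags" not in body and "targetServiceAccounts" not in body:
        findings.append("targets all instances in the network")
    if not body["logConfig"]["enable"]:
        findings.append("firewall logging is off")
    return findings
```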

Results

The firewall rules are created for the selected VPC network.

What to do next