Google Cloud Security: Creating Firewall Rules on a VPC Network

I will configure two different firewall rules: (1) to allow SSH access to all instances on the network, and (2) another one using specific network tags to only allow ICMP (ping) access to one instance, and only from a specific subnet. This will show using both wide-scope and narrow-scope firewall rules.

Allow SSH Access to all Virtual Machine Instances

Scroll down to VPC Network, click on Firewall rules, then create a firewall rule and name it “allow-ssh”.


In the Network dropdown menu, select “custom-vpc”

Targets: Select “All instances in the network”

Source IP Range: Type, “0.0.0.0/0”

Protocols and ports: select “Specified protocols and ports”

tcp: “22”

Apply Network Tag to VM

Select, Compute Engine and click on “instance-2”

Scroll Down to Network tags and enter “icmp-allow”


Create a narrow-scope firewall rule for virtual machine “instance-2”

Go back to your firewall menu, create a new rule, and name the rule “allow-icmp”.

Choose the custom-vpc network.

In the Targets dropdown menu, set to “Specified target tags” if it is not already the default.

In the Target tags field, type icmp-allow and hit Enter.

In the Source filter dropdown, choose IP Range.

Enter the IP range of your subnet-a subnet.

In Protocols and ports, choose “Specified protocols and ports”.

Place a check in Other protocols, and type in icmp (there is no port number for ICMP).

Test ICMP Firewall Rule

Go back to Compute Engine and test this rule from the other virtual machine instances.

instance-1a

You will see that I can ping “instance-2” from the SSH terminal of this instance.

instance-1b

You will see that I can ping “instance-2” from the SSH terminal of this instance.

instance-3

You will see that when you ping “instance-2” from the SSH terminal of this instance, it will pause for a long time and eventually time out, because the allow-icmp rule only accepts traffic sourced from subnet-a.
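To make the two rules and the three ping results above concrete, here is an added example (not code from the original post) that models how a VPC network evaluates ingress allow rules: a rule only counts if it targets the destination instance (all instances, or a matching network tag), covers the source address, and covers the protocol and port; anything no allow rule matches falls through to the network's implied deny-ingress rule. Priorities and explicit deny rules are left out because the post does not use them. The subnet-a range (10.0.1.0/24) and every instance address are constructed placeholders, since the post does not state them; `to_gcloud()` prints the equivalent `gcloud compute firewall-rules create` command for each rule.

```python
"""Model of GCP VPC ingress firewall evaluation for the allow-ssh and
allow-icmp rules. Added example; addresses and ranges are constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

# Constructed CIDR for subnet-a; the post does not give the real range.
SUBNET_A = "10.0.1.0/24"


@dataclass(frozen=True)
class Instance:
    name: str
    network: str
    ip: str                                   # constructed internal address
    tags: FrozenSet[str] = frozenset()        # network tags set on the VM


@dataclass
class FirewallRule:
    """Ingress allow rule. `allowed` maps protocol -> ports; an empty port set
    means any port, which is also how a port-less protocol (icmp) is written."""
    name: str
    network: str
    allowed: Dict[str, FrozenSet[int]]
    source_ranges: List[str]
    target_tags: Optional[FrozenSet[str]] = None  # None = all instances in the network

    def applies_to(self, inst: Instance) -> bool:
        if inst.network != self.network:
            return False
        return self.target_tags is None or bool(self.target_tags & inst.tags)

    def matches_source(self, src_ip: str) -> bool:
        addr = ipaddress.ip_address(src_ip)
        return any(addr in ipaddress.ip_network(r) for r in self.source_ranges)

    def matches_traffic(self, proto: str, port: Optional[int]) -> bool:
        if proto not in self.allowed:
            return False
        ports = self.allowed[proto]
        return not ports or port in ports

    def to_gcloud(self) -> str:
        """Equivalent gcloud command (flags of `gcloud compute firewall-rules create`)."""
        allow = ",".join(
            proto if not ports else ",".join(f"{proto}:{p}" for p in sorted(ports))
            for proto, ports in self.allowed.items()
        )
        cmd = (f"gcloud compute firewall-rules create {self.name} "
               f"--network={self.network} --direction=INGRESS "
               f"--allow={allow} --source-ranges={','.join(self.source_ranges)}")
        if self.target_tags is not None:
            cmd += f" --target-tags={','.join(sorted(self.target_tags))}"
        return cmd


def ingress_allowed(rules: List[FirewallRule], src_ip: str, dst: Instance,
                    proto: str, port: Optional[int] = None) -> bool:
    """Implied deny: allowed only if some allow rule targets dst, covers the
    source address, and covers the protocol/port."""
    return any(r.applies_to(dst) and r.matches_source(src_ip)
               and r.matches_traffic(proto, port) for r in rules)


# The two rules from the post, expressed in this model.
ALLOW_SSH = FirewallRule("allow-ssh", "custom-vpc", {"tcp": frozenset({22})}, ["0.0.0.0/0"])
ALLOW_ICMP = FirewallRule("allow-icmp", "custom-vpc", {"icmp": frozenset()}, [SUBNET_A],
                          frozenset({"icmp-allow"}))
RULES = [ALLOW_SSH, ALLOW_ICMP]

# Constructed instances: 1a and 1b sit in subnet-a, instance-3 in another subnet.
INSTANCE_1A = Instance("instance-1a", "custom-vpc", "10.0.1.10")
INSTANCE_1B = Instance("instance-1b", "custom-vpc", "10.0.1.11")
INSTANCE_2 = Instance("instance-2", "custom-vpc", "10.0.2.20", frozenset({"icmp-allow"}))
INSTANCE_3 = Instance("instance-3", "custom-vpc", "10.0.3.30")


def ping_results() -> Dict[str, bool]:
    """Reproduce the three ping tests from the post against instance-2."""
    return {src.name: ingress_allowed(RULES, src.ip, INSTANCE_2, "icmp")
            for src in (INSTANCE_1A, INSTANCE_1B, INSTANCE_3)}


if __name__ == "__main__":
    for rule in RULES:
        print(rule.to_gcloud())
    for name, ok in ping_results().items():
        print(f"{name} -> instance-2 icmp: {'allowed' if ok else 'dropped (implied deny)'}")
```

Running it shows instance-1a and instance-1b reaching instance-2 while instance-3 is dropped, and also that the same allow-icmp rule does not let instance-1a ping an untagged instance such as instance-3: the target tag scopes the rule to the destination, and the source range scopes it to subnet-a, which is exactly the narrow-scope behaviour the post demonstrates.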
