Google Cloud - block incoming connections

Is there a way to block incoming connections to Google Cloud from a specific set of IP addresses?

Our company website is hosted on GCE and I would like to block several IPs that are currently scavenging our site. I couldn't find any options under Firewall in the GCE Console.

Thank! Alex


source to share

2 answers

The firewall in GCE is used to "allow" inbound traffic and unfortunately cannot be used to create "block" rules. So almost everything is blocked by default and you need to create rules to allow incoming traffic.

Instead, you can use a firewall on the virtual machine itself. For example, if you are using a Linux instance, you can take a look iptables

. There's a Wikipedia article on this here, but I highly recommend you check out the man pages for details. This way you can create a rule to block one specific IP address, for example.



You can now block inbound traffic from a specific set of IP addresses in the VPC network > firewall rules in the Google Cloud Platform Console. This means that you can apply one blocking rule to all GCEs that are on the same VPC network.

Here are the blocking rule options that I used to block all traffic from a specific set of IP addresses:

Priority: 900 (must be less than your allow rules to override your allow rules when matching a blocked IP)

Direction: Ingress

Match action: Reject

Source Filters: IP Ranges: A comma separated list of IP addresses or IP ranges

Protocols and Ports: Deny All

Execution: Included



All Articles