cloud engineer
Here’s one way how to look at traffic hitting a GCP firewall. To view the traffic activity, go to Stackdriver Logging > Viewer. Enter the following search string. Just replace the network name and firewall name.
logName:(projects/project-name/logs/compute.googleapis.com%2Ffirewall) AND jsonPayload.rule_details.reference:("network:network-name/firewall:firewall-name") |
Here’s how to search for AWS Security Groups containing this IP Cidr.
aws ec2 describe-security-groups \ --filter Name=egress.ip-permission.cidr,Values='10.8.8.8/32' \ --query "SecurityGroups[*].{Name:GroupName}" \ --output text \ --profile default \ --region us-east-1 |
Search with ports.
aws ec2 describe-security-groups \ --filter Name=egress.ip-permission.cidr,Values='10.8.8.8/32' \ Name=egress.ip-permission.from-port,Values='22' \ Name=egress.ip-permission.to-port,Values='22' \ --query "SecurityGroups[*].{Name:GroupName}" \ --output text \ --profile default \ --region us-east-1 |
Query will only display the Security Group name.
Here’s how to add a firewall rule in Google Cloud Platform CLI
gcloud compute firewall-rules create "firewall-name" \ --description="firewall-description" \ --priority "1000" \ --direction INGRESS \ --action allow \ --network "network-name" \ --target-service-accounts="service@account.net" \ --source-ranges="10.0.0.0/8" \ --rules tcp:9001 |
Describe firewall rule.
gcloud compute firewall-rules describe firewall-name |
Delete firewall rule.
gcloud compute firewall-rules delete firewall-name |