Uly.me

cloud engineer


May 28, 2020

GCP Create Firewall with Tags

Here’s another way to create a firewall rule in GCP, using a network tag as the target.

gcloud compute firewall-rules create "firewall-name" \
    --description="egress rule to allow port 8000 to destination" \
    --priority "1000" \
    --direction EGRESS \
    --action allow \
    --network "your-network" \
    --target-tags="your-network-tag" \
    --destination-ranges="10.0.0.1/32" \
    --rules tcp:8000


February 26, 2020

GCP SDK Firewall Rule AH and ESP

Here’s how to add a GCP firewall rule with the AH (Authentication Header) and ESP (Encapsulating Security Payload) protocols.

gcloud compute firewall-rules update "firewall-name" \
    --description="firewall description" \
    --priority "1000" \
    --target-service-accounts="service-account@gserviceaccount.com" \
    --destination-ranges="10.0.0.0/8" \
    --rules 50,51,tcp:80,udp:1000


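There is no need to name the AH and ESP protocols. The numbers alone are enough: 50 and 51 are IP protocol numbers (ESP is 50, AH is 51), not ports, so they take no port suffix.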
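To make the protocol-number point concrete, here is an added example (not from the original post) that checks a `--rules` value before it is passed to gcloud. `check_rules`, `proto_name` and `valid_ports` are hypothetical helpers, not part of the gcloud SDK, and the check assumes ports are only meaningful for tcp, udp and sctp.

```bash
# Added example: check_rules is a hypothetical helper, not part of the gcloud SDK.

# Readable names for the IP protocol numbers used in the rule above.
proto_name() {
    case "$1" in
        50) echo esp ;;
        51) echo ah ;;
        6)  echo tcp ;;
        17) echo udp ;;
        *)  echo "$1" ;;
    esac
}

# Accept a single port or a low-high range, no higher than 65535.
valid_ports() {
    case "$1" in ''|*[!0-9-]*|-*|*-|*-*-*) return 1 ;; esac
    [ "${1%-*}" -le "${1#*-}" ] && [ "${1#*-}" -le 65535 ]
}

# Print one verdict per entry of a --rules value; exit status 1 if any entry is bad.
# The body runs in a subshell so the IFS and globbing changes do not leak.
check_rules() (
    status=0; IFS=','; set -f
    for entry in $1; do
        name="$(proto_name "${entry%%:*}")"
        case "$entry" in
            ''|:*) echo "BAD  '$entry': missing protocol"; status=1 ;;
            *:*)
                ports="${entry#*:}"
                case "$name" in
                    tcp|udp|sctp)
                        if valid_ports "$ports"; then
                            echo "ok   $name: ports $ports"
                        else
                            echo "BAD  $entry: invalid port or range"; status=1
                        fi ;;
                    *) echo "BAD  $entry: $name is a whole protocol, it takes no ports"; status=1 ;;
                esac ;;
            *) echo "ok   $name: whole protocol" ;;
        esac
    done
    exit "$status"
)

# Constructed inputs: the --rules value from the post, then a mistaken variant.
check_rules "50,51,tcp:80,udp:1000"
check_rules "50:500,tcp:80" || echo "rejected"
```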

February 23, 2020

GCP SDK Firewall Update

Here’s how to update an existing GCP firewall.

Ingress

gcloud compute firewall-rules update "firewall-rule-name" \
    --description="firewall description" \
    --priority="1000" \
    --target-service-accounts="service-account@gserviceaccount.com" \
    --source-ranges="10.0.0.0/8" \
    --rules tcp:80,tcp:443,udp:1000-1100


Egress

gcloud compute firewall-rules update "firewall-rule-name" \
    --description="firewall description" \
    --priority="1000" \
    --target-service-accounts="service-account@gserviceaccount.com" \
    --destination-ranges="10.0.0.0/8" \
    --rules tcp:80,tcp:443,udp:1000-1100



Copyright © 2012–2021