Score:2

How to add a firewall rule per country in Google Cloud?

I need to allow traffic only from my country. How can I do it? I know that I can create a rule specifying the IP range, but there are more than 1600 IP ranges to add. Is there any "easy" way?

This is rarely a good idea. You'll have lots of false positives and false negatives, and there'll be folks temporarily out of the country who may still need to access your site. Is it actually a *problem* if someone from another country loads the site?
Score:3
Google Cloud VPC Firewall rules do not support geolocation.

To enable geolocation-based blocking you have several options:

  • Implement a third-party software solution.
  • Deploy a Google Cloud HTTP(S) Load Balancer and Cloud Armor.

Interesting article on third-party add-ons:

How to Block IPs from Countries using Iptables Geoip Addons

Google Cloud Armor supports ISO 3166-1 country codes for geolocation-based rules (deny/allow).

Cloud Armor: Allow or deny traffic from a specific region

Your question mentions more than 1600 IP ranges. Internet routing changes by the second and IP addresses can be remapped from one side of the world to another effortlessly today via BGP. As soon as you created a rule set, it would be incorrect quickly.

I do not recommend geolocation-based blocking. VPNs hide the true source of traffic. During Internet outages, traffic can be rerouted. If your goal is to block traffic from bad actors, subscribe to an IP-based rules list and block specific IP addresses for 24 hours and then refresh the rules list. If someone wants to access a geoblocked site, it takes about five minutes to georelocate traffic and defeat your blocking.
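
The Cloud Armor option from the answer above, sketched as an added example that is not part of the original answer: it builds the `origin.region_code` expression from ISO 3166-1 alpha-2 codes and prints the `gcloud` commands as a dry run unless `APPLY=1` is set. The policy name, backend service name and the sample country code are assumptions.

```shell
#!/usr/bin/env bash
# Added example. POLICY and BACKEND are hypothetical names; use your own.
POLICY="${POLICY:-geo-allow-policy}"
BACKEND="${BACKEND:-web-backend}"

# Turn "us ca" into the expression Cloud Armor evaluates per request:
#   origin.region_code == 'US' || origin.region_code == 'CA'
# Fails on anything that is not a two-letter code, so a typo cannot
# silently produce a rule that matches no traffic.
geo_expression() {
  local expr="" code
  [ "$#" -gt 0 ] || return 1
  for code in "$@"; do
    code=$(printf '%s' "$code" | LC_ALL=C tr 'a-z' 'A-Z')
    case "$code" in
      [A-Z][A-Z]) ;;
      *) echo "invalid country code: $code" >&2; return 1 ;;
    esac
    expr="${expr:+$expr || }origin.region_code == '$code'"
  done
  printf '%s\n' "$expr"
}

# Print the command (dry run) or execute it when APPLY=1.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '+ %s\n' "$*"; fi
}

apply_geo_policy() {
  local expr
  expr=$(geo_expression "$@") || return 1
  run gcloud compute security-policies create "$POLICY"
  # Priority 1000: allow requests that geolocate to the listed countries.
  run gcloud compute security-policies rules create 1000 \
    --security-policy "$POLICY" --expression "$expr" --action allow
  # Priority 2147483647 is the policy's default rule; change it to deny.
  run gcloud compute security-policies rules update 2147483647 \
    --security-policy "$POLICY" --action deny-403
  # The policy only takes effect once attached to a backend service
  # behind the HTTP(S) load balancer.
  run gcloud compute backend-services update "$BACKEND" \
    --security-policy "$POLICY" --global
}

# Constructed sample input: a single country code.
apply_geo_policy us
```

The dry-run output drops shell quoting, so quote the expression when copying a printed command by hand.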
