Score:0

Possible to create policy limiting firewall rules in GCP?


Does anyone know if it's possible to create an organizational policy that would prevent the use of having a source set to 'any' for specific ports on firewall rules in GCP?

For example, I want to prevent users from creating firewall rules that use 'any' as a source for ports such as SSH, RDP, SQL, and so on.

Score:0

Yes, it is possible to deny traffic from source "any" for specific protocols / ports. Refer to the below screenshot.


Hierarchical firewall policies are created at organization and folder nodes. Creating a policy does not automatically apply the rules to the node. Policies, once created, can be applied to any nodes in the organization. As said in the specifications of the Hierarchical firewall policies:

Hierarchical firewall policies are containers for firewall rules. When you associate a policy with the organization or a folder, all rules are immediately applied. You can swap policies for a node, which automatically swaps all the firewall rules applied to virtual machine (VM) instances under that node. Each hierarchical firewall policy rule can include either IPv4 or IPv6 ranges, but not both.

Refer to "Create a Firewall Rule".

user3723206
TYVM for the info and links - greatly appreciated
John Hanley
@user3723206 - Although the information in this answer is good, it does not answer the question **How to create an organizational policy that would prevent the use of having a source set to 'any' for specific ports on firewall rules in GCP?**. To create such a policy requires using the CLI **gcloud** which this answer does not cover or even mention. I would like to see an answer with a real solution and not links to site documentation. Please uncheck the accept for this answer.
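The gcloud side of the hierarchical firewall policy discussed in this thread, as an added example that is not part of the original answer or comments: a hierarchical policy does not stop anyone from creating an 'any'-source VPC rule, but because it is evaluated before VPC firewall rules, a deny on those ports makes such a rule ineffective, while a higher-priority `goto_next` rule lets trusted ranges fall through to lower-level rules. The organization ID, policy short name, port list and trusted range are placeholders and assumptions to adapt.

```shell
#!/bin/sh
# Added example (not from the original thread). Prints the gcloud commands by
# default; run with RUN= (empty) to execute them against a real organization.
ORG_ID="${ORG_ID:-123456789012}"          # placeholder organization ID
POLICY="${POLICY:-deny-any-admin-ports}"  # hypothetical policy short name
PORTS="${PORTS:-tcp:22,tcp:3389,tcp:1433,tcp:3306,tcp:5432}"  # SSH, RDP, SQL (assumed list)
TRUSTED="${TRUSTED:-35.235.240.0/20}"     # assumption: only IAP TCP forwarding is trusted
RUN="${RUN-echo}"

# Create the empty policy container at the organization node.
create_policy() {
  $RUN gcloud compute firewall-policies create \
    --organization="$ORG_ID" --short-name="$POLICY" \
    --description="no-any-source-on-admin-ports"
}

# ingress_rule PRIORITY ACTION SRC_RANGES  (lower priority number is evaluated first)
ingress_rule() {
  $RUN gcloud compute firewall-policies rules create "$1" \
    --firewall-policy="$POLICY" --organization="$ORG_ID" \
    --direction=INGRESS --action="$2" \
    --src-ip-ranges="$3" --layer4-configs="$PORTS"
}

# Associate the policy with the organization; rules take effect at this point.
attach_policy() {
  $RUN gcloud compute firewall-policies associations create \
    --firewall-policy="$POLICY" --organization="$ORG_ID"
}

build_all() {
  create_policy
  ingress_rule 1000 goto_next "$TRUSTED"  # trusted sources: defer to folder/VPC rules
  ingress_rule 1100 deny "0.0.0.0/0"      # any other IPv4 source is dropped
  ingress_rule 1101 deny "::/0"           # IPv6 needs its own rule (no mixed ranges)
  attach_policy
}

build_all
```

Because the deny rules match every source, any range that legitimately needs these ports has to be listed in `TRUSTED`; a VPC rule alone cannot re-open them under the associated node.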