Protect your project
As a project owner, you are responsible for securing your project. Setting up a firewall is the first step toward making your project secure. Firewalls control incoming traffic and secure your project from unauthorized access. You can set up firewalls at the project level and for individual instances. Project firewalls control traffic for all the instances within the project, and instance firewalls control the traffic for the instance only.
These instructions describe how to use the Cloud Platform Console to set up a firewall for your project. If you prefer, you can set up your firewall using gcloud instead. For information about using gcloud to set up a firewall rule, see Add a firewall rule in the Google Compute Engine documentation.
To create a project firewall:
- Go to the Cloud Platform Console.
- From the projects list, select the name of the project that you want to set up a firewall for.
- Open the left side menu and select Networking.
- On the left, select Firewall rules, and then click CREATE FIREWALL RULE.
- Enter a Name and, optionally, a Description for the firewall rule. (The name must be unique to the project and it can have letters, numbers, or a dash, but it must be lowercase, begin with a letter, and not end with a dash.)
- Select the Network the firewall rule applies to.
- Select the Source filter. The firewall will allow traffic from the source IP ranges or tags selected. It's a good security practice to allow access only to the ports your application needs. For more information about firewalls, see Firewalls in the Google Compute Engine documentation.
Warning: If you select Allow from any source 0.0.0.0/0, any source on the internet can establish a connection to your instance. We strongly recommend instead that you update your firewall settings to the most restrictive settings possible based on your needs.
- The next setting varies depending on what you selected as your source filter. You will need to specify the Source IP ranges, Source tags, or Subnetworks for your firewall to filter on.
- Set the Allowed protocols and ports and, optionally, the Target tags.
- Click Create.
Note: We strongly recommend that you also set up instance firewalls. For information about securing an instance, see What can I do to protect my instance?
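The following Python check is an added example, not part of the original instructions or of Google's documentation. It reviews firewall rules against the guidance in the steps above: the naming rule, the 0.0.0.0/0 warning, and allowing only the ports you need. It assumes the rules are supplied as dictionaries that use the Compute Engine firewall resource's JSON field names (name, sourceRanges, sourceTags, allowed, IPProtocol, ports); the function names and sample rules are constructed for illustration.

```python
import ipaddress
import re

# Naming rule from the steps above: lowercase letters, numbers or dashes,
# begins with a letter, does not end with a dash.
NAME_RE = re.compile(r"^[a-z](?:[a-z0-9-]*[a-z0-9])?$")

def review_rule(rule):
    """Return a list of findings for one firewall rule (empty list = no findings)."""
    findings = []
    if not NAME_RE.match(rule.get("name", "")):
        findings.append("name breaks the naming rule")
    ranges = rule.get("sourceRanges", [])
    if not ranges and not rule.get("sourceTags"):
        # Policy of this example: every rule must state its source explicitly.
        findings.append("no source filter set")
    for cidr in ranges:
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            findings.append(f"malformed source range {cidr}")
            continue
        if net.prefixlen == 0:  # 0.0.0.0/0 (or ::/0): any source
            findings.append(f"source {cidr} allows any source")
    for entry in rule.get("allowed", []):
        proto = entry.get("IPProtocol", "")
        # A protocol entry without a ports list covers every port.
        if proto == "all" or (proto in ("tcp", "udp") and not entry.get("ports")):
            findings.append(f"{proto} allowed on all ports")
    return findings

def review_all(rules):
    """Map each rule name to its findings, keeping only rules that have any."""
    return {r.get("name", "?"): f for r in rules if (f := review_rule(r))}

# Constructed sample rules (not taken from any real project).
SAMPLE_RULES = [
    {"name": "allow-https-office", "sourceRanges": ["203.0.113.0/24"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}], "targetTags": ["web"]},
    {"name": "Allow-SSH-", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp"}]},
]

if __name__ == "__main__":
    for name, findings in review_all(SAMPLE_RULES).items():
        print(name, "->", "; ".join(findings))
```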