My YAML template is as follows. I want to add a firewall property to allow HTTP traffic:
resources:
- name: deployed-vm2222
  type: compute.v1.instance
  properties:
    zone: us-central1-f
    machineType: https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-f/machineTypes/f1-micro
    disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
Create a firewall rule that allows traffic on HTTP (tcp/80) to any address and add network tag on juice-shop. In this step, you have to create a firewall rule that allows traffic on HTTP (tcp/80) to any address. In the GCP Console, go to Navigation Menu > VPC Network > Firewall. Click Create firewall rule.
Open the Group Policy Management Console to Windows Defender Firewall with Advanced Security. In the navigation pane, click Inbound Rules. Click Action, and then click New rule. On the Rule Type page of the New Inbound Rule Wizard, click Custom, and then click Next.
Overview. Google Cloud Platform (GCP) firewall rules let you allow or deny traffic to and from your virtual machine (VM) instances based on a configuration you specify. By creating a firewall rule, you specify a Virtual Private Cloud (VPC) network and a set of components that define what the rule does.
In the firewall, we use:
targetTags: ["http"]
Then, in the instance, we use:
tags:
  items: ["http"]
The complete file can be as shown:
resources:
- name: default-allow-http
  type: compute.v1.firewall
  properties:
    targetTags: ["http"]
    sourceRanges: ["0.0.0.0/0"]
    allowed:
    - IPProtocol: TCP
      ports: ["80"]
- name: vm-test
  type: compute.v1.instance
  properties:
    zone: xxxx
    machineType: xxxx
    tags:
      items: ["http"]
    disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
      initializeParams:
        diskName: xxxx
        sourceImage: xxxx
    networkInterfaces:
    - network: xxxx
      accessConfigs:
      - name: External NAT
        type: ONE_TO_ONE_NAT
A couple of things to note when performing this action: make sure the instance is correctly tagged to enable the labelling to be applied. For example, tagging the instance http-server or https-server ensures the firewall is aware it is processing public traffic.
Adding a firewall entry can be achieved in the following way.
resources:
- name: instance
  type: xxxxxxxx
  properties:
    zone: us-east1-b
    tags:
      items: ["http-server", "tensorboard"]
- name: default-allow-http
  type: compute.v1.firewall
  properties:
    network: https://www.googleapis.com/compute/v1/projects/myproject/global/networks/default
    targetTags: ["http-server"]
    sourceRanges: ["0.0.0.0/0"]
    allowed:
    - IPProtocol: TCP
      ports: ["80"]
- name: default-allow-tensorboard
  type: compute.v1.firewall
  properties:
    network: https://www.googleapis.com/compute/v1/projects/myproject/global/networks/default
    targetTags: ["tensorboard"]
    sourceRanges: ["0.0.0.0/0"]
    allowed:
    - IPProtocol: TCP
      ports: ["6006"]
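A check of the tag wiring both answers above depend on, as an added example that is not part of either answer: it takes a parsed template (the dict that a YAML loader would return) and reports firewall targetTags that no instance carries, instance tags that no rule targets, and rules open to 0.0.0.0/0 on ports other than 80/443. The function name audit_template, the allowed-port set and the sample data (constructed from the templates above, with the tag names deliberately mismatched) are assumptions.

```python
# Added example: audit a parsed Deployment Manager template for tag wiring
# and world-open firewall rules. All names here are illustrative assumptions.
PUBLIC_WEB_PORTS = {"80", "443"}  # assumption: ports acceptable from 0.0.0.0/0

def audit_template(template):
    """Return sorted (resource_name, finding) tuples for a parsed template."""
    resources = template.get("resources", [])
    instances = [r for r in resources if r.get("type") == "compute.v1.instance"]
    firewalls = [r for r in resources if r.get("type") == "compute.v1.firewall"]
    instance_tags = {t for r in instances
                     for t in r.get("properties", {}).get("tags", {}).get("items", [])}
    findings, targeted = [], set()
    for fw in firewalls:
        props = fw.get("properties", {})
        targets = props.get("targetTags", [])
        targeted.update(targets)
        if not targets:
            findings.append((fw["name"], "no targetTags: rule covers every instance in the network"))
        for tag in targets:
            if tag not in instance_tags:
                findings.append((fw["name"], f"targetTag '{tag}' matches no instance in this template"))
        if "0.0.0.0/0" in props.get("sourceRanges", []):
            for allow in props.get("allowed", []):
                ports = allow.get("ports") or ["all"]  # no ports key means every port
                exposed = [str(p) for p in ports if str(p) not in PUBLIC_WEB_PORTS]
                if exposed:
                    findings.append((fw["name"], "open to 0.0.0.0/0 on port(s) " + ",".join(exposed)))
    for inst in instances:
        for tag in inst.get("properties", {}).get("tags", {}).get("items", []):
            if tag not in targeted:
                findings.append((inst["name"], f"tag '{tag}' is not targeted by any firewall rule here"))
    return sorted(findings)

# Constructed sample: the rule targets "http" but the instance is tagged "http-server".
SAMPLE = {"resources": [
    {"name": "instance", "type": "compute.v1.instance",
     "properties": {"tags": {"items": ["http-server", "tensorboard"]}}},
    {"name": "default-allow-http", "type": "compute.v1.firewall",
     "properties": {"targetTags": ["http"], "sourceRanges": ["0.0.0.0/0"],
                    "allowed": [{"IPProtocol": "TCP", "ports": ["80"]}]}},
    {"name": "default-allow-tensorboard", "type": "compute.v1.firewall",
     "properties": {"targetTags": ["tensorboard"], "sourceRanges": ["0.0.0.0/0"],
                    "allowed": [{"IPProtocol": "TCP", "ports": ["6006"]}]}},
]}

if __name__ == "__main__":
    for name, finding in audit_template(SAMPLE):
        print(f"{name}: {finding}")
```

A tag reported as untargeted may still be matched by a rule that already exists in the VPC network outside the template, so the findings describe the template only.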