You need to:
Go to cloud.google.com
Go to my Console
Choose your Project
Choose Networking > VPC network
Choose "Firewall"
Choose "Create Firewall Rule"
To apply the rule to select VM instances, select Targets > "Specified target tags", and enter into "Target tags" the name of the tag. This tag will be used to apply the new firewall rule onto whichever instance you'd like. Then, make sure the instances have the network tag applied.
Set Source IP ranges to allow traffic from all IPs: 0.0.0.0/0
To allow incoming TCP connections to port 9090, in "Protocols and Ports", check “tcp” and enter 9090
Click Create (or click “Equivalent Command Line” to show the gcloud
command to create the same rule)
I hope this helps you.
Update Please refer to docs to customize your rules.
Here is the command-line approach to answer this question:
gcloud compute firewall-rules create <rule-name> --allow tcp:9090 --source-tags=<list-of-your-instances-names> --source-ranges=0.0.0.0/0 --description="<your-description-here>"
This will open the port 9090
for the instances that you name. Omitting --source-tags
and --source-ranges
will apply the rule to all instances. More details are in the Gcloud documentation and the firewall-rule create
command manual
The previous answers are great, but Google recommends using the newer gcloud
commands instead of the gcutil
commands.
PS:
To get an idea of Google's firewall rules, run gcloud compute firewall-rules list
and view all your firewall rules
Creating firewall rules
Please review the firewall rule components [1] if you are unfamiliar with firewall rules in GCP. Firewall rules are defined at the network level, and only apply to the network where they are created; however, the name you choose for each of them must be unique to the project.
For Cloud Console:
Specify the Targets of the rule.
For an ingress rule, specify the Source filter:
For an egress rule, specify the Destination filter:
Define the Protocols and ports to which the rule will apply:
Select Allow all or Deny all, depending on the action, to have the rule apply to all protocols and ports.
Define specific protocols and ports:
(Optional) You can create the firewall rule but not enforce it by setting its enforcement state to disabled. Click Disable rule, then select Disabled.
(Optional) You can enable firewall rules logging:
Click Create.
Link: [1] https://cloud.google.com/vpc/docs/firewalls#firewall_rule_components
You'll need to add a firewall rule to open inbound access to tcp:9090
to your instances. If you have more than the two instances, and you only want to open 9090 to those two, you'll want to make sure that there is a tag that those two instances share. You can add or update tags via the console or the command-line; I'd recommend using the GUI for that if needed because it handles the read-modify-write cycle with setinstancetags
.
If you want to open port 9090 to all instances, you can create a firewall rule like:
gcutil addfirewall allow-9090 --allowed=tcp:9090
which will apply to all of your instances.
If you only want to open port 9090 to the two instances that are serving your application, make sure that they have a tag like my-app
, and then add a firewall like so:
gcutil addfirewall my-app-9090 --allowed=tcp:9090 --target_tags=my-app
You can read more about creating and managing firewalls in GCE here.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With