Creating VPC firewall rules
GCP firewall rules are stateful, meaning that you only need to create one rule for the originating traffic. However, traffic may originate from both the Internet and your GCP resources. This requires you to create both an egress and an ingress rule for each VPC network.
To create ingress rules:
1. In the GCP console, go to VPC networks > Firewall Rules. Click Create Firewall Rule.
2. In the Name field, enter the desired name.
3. From the Network dropdown list, select the desired network to associate with this firewall rule.
4. For Direction of Traffic, select Ingress.
5. For Action on match, select Allow.
6. From the Targets dropdown list, select All instances in the network.
7. In the Source IP ranges field, enter 0.0.0.0/0.
8. For Protocols and ports, click Allow all, then click Create.
9. Repeat steps 1-8 for the remaining three networks in your VPC.
To create egress rules:
1. In the GCP console, go to VPC networks > Firewall Rules. Click Create Firewall Rule.
2. In the Name field, enter the desired name.
3. From the Network dropdown list, select the desired network to associate with this firewall rule.
4. For Direction of Traffic, select Egress.
5. For Action on match, select Allow.
6. From the Targets dropdown list, select All instances in the network.
7. In the Source IP ranges field, enter 0.0.0.0/0.
8. For Protocols and ports, click Allow all, then click Create.
9. Repeat steps 1-8 for the remaining three networks in your VPC.
Now you have a total of eight GCP firewall rules.
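To check the result of the two procedures above, the following added example (not part of the original page) parses output shaped like `gcloud compute firewall-rules list --format=json`, lists every rule that leaves the VPC firewall fully open, and reports which networks still lack an allow-all ingress or egress rule. The network names, rule names, project name and sample records are constructed assumptions; the API stores an egress rule's address range under `destinationRanges`.

```python
import json
from collections import defaultdict

ANY = "0.0.0.0/0"

def is_allow_all(rule):
    """True for an enabled rule allowing all protocols, any address, all instances."""
    key = "sourceRanges" if rule["direction"] == "INGRESS" else "destinationRanges"
    return (not rule.get("disabled", False)
            and any(a.get("IPProtocol") == "all" for a in rule.get("allowed", []))
            and ANY in rule.get(key, [])
            and not rule.get("targetTags")
            and not rule.get("targetServiceAccounts"))

def allow_all_rules(rules_json):
    """Names of the rules that leave the VPC firewall fully open."""
    return [r["name"] for r in json.loads(rules_json) if is_allow_all(r)]

def missing_directions(rules_json, networks):
    """Map each network to the directions that still lack an allow-all rule."""
    seen = defaultdict(set)
    for rule in json.loads(rules_json):
        if is_allow_all(rule):
            # The API reports the network as a full URL; keep the last segment.
            seen[rule["network"].rsplit("/", 1)[-1]].add(rule["direction"])
    return {n: sorted({"INGRESS", "EGRESS"} - seen[n]) for n in networks}

# --- Constructed sample data: hypothetical network, rule and project names ---
NETWORKS = ["net-a", "net-b", "net-c", "net-d"]

def _rule(net, direction, proto="all"):
    key = "sourceRanges" if direction == "INGRESS" else "destinationRanges"
    return {"name": f"{net}-{direction.lower()}", "direction": direction,
            "network": "https://www.googleapis.com/compute/v1/projects/"
                       f"example-project/global/networks/{net}",
            "allowed": [{"IPProtocol": proto}], key: [ANY], "disabled": False}

_rules = [_rule(n, d) for n in NETWORKS for d in ("INGRESS", "EGRESS")]
_rules.pop()                                    # net-d egress rule was never created
_rules.append(_rule("net-d", "EGRESS", "tcp"))  # a TCP-only rule does not count
SAMPLE = json.dumps(_rules)

if __name__ == "__main__":
    print(len(allow_all_rules(SAMPLE)), "allow-all rules found")
    for net, missing in missing_directions(SAMPLE, NETWORKS).items():
        print(net, "complete" if not missing else f"missing {missing}")
```

Against a real project, pass the saved JSON output and your own four network names in place of `SAMPLE` and `NETWORKS`; a complete setup yields eight allow-all rules and an empty list for every network.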