2

is there a way to geo block China from connecting my GCP VMs?

I see this item in my billing:

Network Internet Egress from Americas to China

Can I block the whole lot?

Is there a way to investigate what kind of IPs are connecting? (I know you can add logging rules to the GCP firewall but I am fuzzy on the details)..

If none of the above possible - is there a public list of rules for Linux firewalls (CentOS 8) to block IPs by countries?

Boppity Bop
  • 752
  • 3
  • 11
  • 34

2 Answers2

2

There are several ways to achieve your use case. With GCP product, you can use Cloud Armor for a location-based traffic filtering through its Web Application Firewall.

Here are several threads that can also help you on your use case:

  1. https://stackoverflow.com/questions/23682114/google-app-engine-block-incoming-traffic-by-country
  2. Relatively easy way to block all traffic from a specific country?
  3. https://stackoverflow.com/questions/29704635/allow-only-specific-countries-to-connect-to-vm
  4. https://stackoverflow.com/questions/26168240/google-cloud-block-incoming-connections
  5. https://stackoverflow.com/questions/35000410/block-offending-ip-from-google-compute-instance
Alex G
  • 325
  • 1
  • 7
1

You can use Cloud Armor Network Security ($$$), or opt to download all the IP addresses/rages for China (using a country IP database range provider (many on the internet)) and deny all the source IP ranges using a GCP VPC firewall rule or policy (FREE). Both options are very simple to do.

Harold Callahan
  • 11
  • 2