
Does anyone know if it's possible to create an organizational policy that would prevent the use of having a source set to 'any' for specific ports on firewall rules in GCP?

For example, I want to prevent users from creating firewall rules that use 'any' as a source for ports such as SSH, RDP, SQL, and so on.

Dave M

1 Answer

Yes, it is possible to deny traffic from source "any" for specific protocols / ports. Refer to the below screenshot.


Hierarchical firewall policies are created at organization and folder nodes. Creating a policy does not automatically apply the rules to the node. Policies, once created, can be applied to any nodes in the organization. As stated in the specifications of hierarchical firewall policies:

Hierarchical firewall policies are containers for firewall rules. When you associate a policy with the organization or a folder, all rules are immediately applied. You can swap policies for a node, which automatically swaps all the firewall rules applied to virtual machine (VM) instances under that node. Each hierarchical firewall policy rule can include either IPv4 or IPv6 ranges, but not both.

Refer to Create a Firewall Rule.

  • TYVM for the info and links - greatly appreciated – user3723206 Jul 23 '21 at 15:21
  • 1
    @user3723206 - Although the information in this answer is good, it does not answer the question **How to create an organizational policy that would prevent the use of having a source set to 'any' for specific ports on firewall rules in GCP?**. To create such a policy requires using the CLI **gcloud** which this answer does not cover or even mention. I would like to see an answer with a real solution and not links to site documentation. Please uncheck the accept for this answer. – John Hanley Jul 23 '21 at 16:18
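The answer above points at hierarchical firewall policies without showing the rules, and the last comment notes that the real work happens in gcloud. The following script is an added example, not code from the question or the answer: it audits a list of VPC firewall rules for sensitive ports opened to source "any" (the thing the asker wants to prevent), and emits the gcloud commands for a hierarchical firewall policy that enforces the restriction at the organization node. The VPC rule records are a constructed sample in the shape that `gcloud compute firewall-rules list --format=json` prints; the organization id, policy name and approved source range are placeholders. One caveat worth noting: a hierarchical deny rule whose source is 0.0.0.0/0 matches traffic from every source, so on its own it would block SSH, RDP and the database ports for everybody, not just for rules that use "any". The example therefore puts a higher-priority goto_next rule for the approved range in front of the deny, so approved sources fall through to the project's VPC rules.

```python
"""Added example, not from the original post or the answer: audit VPC
firewall rules for sensitive ports opened to source 'any', and build the
hierarchical firewall policy rules that enforce the restriction org-wide.

Assumptions: VPC rule records follow the JSON shape printed by
`gcloud compute firewall-rules list --format=json`; ORG_ID, the policy
name and the approved source range are placeholders."""
from __future__ import annotations
import json

# Ports the question wants locked down (SSH, RDP, MSSQL, MySQL, PostgreSQL).
SENSITIVE_TCP_PORTS = (22, 3389, 1433, 3306, 5432)
# Source ranges that mean "any" (IPv4 and IPv6 default routes).
ANY_SOURCES = {"0.0.0.0/0", "::/0"}


def _spec_covers(spec: str, port: int) -> bool:
    """True if a gcloud port spec ("22" or "3000-4000") includes `port`."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)


def exposed_ports(rule: dict) -> list[int]:
    """Sensitive TCP ports this enabled INGRESS rule allows from an 'any' source."""
    if rule.get("direction", "INGRESS") != "INGRESS" or rule.get("disabled"):
        return []
    if not set(rule.get("sourceRanges", [])) & ANY_SOURCES:
        return []
    hits = set()
    for entry in rule.get("allowed", []):
        if entry.get("IPProtocol", "").lower() not in ("tcp", "all"):
            continue
        specs = entry.get("ports")  # absent => every port of that protocol
        for port in SENSITIVE_TCP_PORTS:
            if specs is None or any(_spec_covers(s, port) for s in specs):
                hits.add(port)
    return sorted(hits)


def audit(rules: list[dict]) -> dict[str, list[int]]:
    """Rule name -> sensitive ports it opens to the world (offending rules only)."""
    findings = {}
    for rule in rules:
        ports = exposed_ports(rule)
        if ports:
            findings[rule["name"]] = ports
    return findings


def gcloud_commands(org_id: str, policy: str, approved_src: str) -> list[str]:
    """Hierarchical policy: goto_next for the approved range, then deny everyone else.

    A plain deny from 0.0.0.0/0 would block the ports from *all* sources, so the
    higher-priority goto_next lets approved traffic fall through to VPC rules."""
    l4 = ",".join(f"tcp:{p}" for p in SENSITIVE_TCP_PORTS)
    common = (f"--firewall-policy={policy} --organization={org_id} "
              f"--direction=INGRESS --layer4-configs={l4}")
    return [
        f"gcloud compute firewall-policies create --organization={org_id} --short-name={policy}",
        f"gcloud compute firewall-policies rules create 900 {common} "
        f"--action=goto_next --src-ip-ranges={approved_src}",
        f"gcloud compute firewall-policies rules create 1000 {common} "
        f"--action=deny --src-ip-ranges=0.0.0.0/0 --enable-logging",
        f"gcloud compute firewall-policies associations create --firewall-policy={policy} "
        f"--organization={org_id} --name={policy}-org",
    ]


# Constructed sample of VPC rules (not real project data).
SAMPLE_RULES = [
    {"name": "allow-ssh-world", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-ssh-office", "direction": "INGRESS", "sourceRanges": ["203.0.113.0/24"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
    {"name": "allow-range-world", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "tcp", "ports": ["3000-4000"]}]},  # covers 3306 and 3389
    {"name": "allow-all-v6-disabled", "direction": "INGRESS", "sourceRanges": ["::/0"],
     "allowed": [{"IPProtocol": "all"}], "disabled": True},
    {"name": "allow-icmp-world", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
     "allowed": [{"IPProtocol": "icmp"}]},
]

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_RULES), indent=2))
    print("\n".join(gcloud_commands("ORG_ID_PLACEHOLDER", "deny-any-to-admin-ports",
                                    "203.0.113.0/24")))
```

Run the audit against the real output of `gcloud compute firewall-rules list --format=json` to find rules that already violate the intent; the hierarchical policy then stops new ones from having any effect, since policy rules are evaluated before VPC firewall rules. The deny rule has logging enabled so that hits on it show up in firewall logs, which is the simplest way to see which projects are still trying to expose these ports.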