0

We are migrating to Google Cloud (GCE). We have an SFTP server running on Windows Server. We want to migrate this, but we must have a whitelist filter and block all other SSH login attempts (I was getting hits minutes after install, hackers trying to log in).

I can't seem to do it at the Google Cloud firewall, because it doesn't allow exclusions for certain IPs (it's either all or nothing).

Same thing with Windows Firewall (we are running Server 2016). You can specify allow rules, but it's worthless because deny rules are interpreted first.

I should be able to install a commercial product, but the first thing they seem to do is block EVERYTHING and now I can't even log in.

Any advice or recommendations?

Rob

1 Answer

1

Point 9 of the GCP documentation for creating firewall rules says how to specify a source IP for a firewall rule:

  1. For an Ingress rule, specify the Source filter.

     Select IP ranges if you want the rule to apply to packets from certain source IP ranges only, then specify those ranges in the Source IP ranges field.

Note that some default rules exist, including a rule allowing SSH from all IPs to all instances, as well as a hidden and implicit "deny all ingress" rule that's evaluated last.

As a result, I recommend editing your firewall rules.

Alex
  • Thanks, note that this was created a year ago, and Google has updated their firewall since then. Now if they would only allow comments. – Rob Dec 07 '17 at 13:24
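
The rule interaction described in the answer, as an added example that is not part of the original post: a simplified Python model of GCP ingress evaluation showing why a source-range allowlist only takes effect once the pre-populated `default-allow-ssh` rule is removed. The rule name `allow-sftp-partners` and the documentation-range addresses are hypothetical, and the model covers only source ranges and a single TCP port.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int              # lower number is evaluated first (0-65535)
    action: str                # "allow" or "deny"
    sources: Tuple[str, ...]   # source CIDR ranges
    port: Optional[int]        # None means all ports

# Implied rule in every VPC network; it is not listed and cannot be deleted.
IMPLIED_DENY = Rule("implied-deny-ingress", 65535, "deny", ("0.0.0.0/0",), None)
# Pre-populated in the "default" network: SSH from anywhere.
DEFAULT_ALLOW_SSH = Rule("default-allow-ssh", 65534, "allow", ("0.0.0.0/0",), 22)
# Hypothetical allowlist rule; the addresses are constructed documentation ranges.
SFTP_ALLOWLIST = Rule("allow-sftp-partners", 1000, "allow",
                      ("203.0.113.0/24", "198.51.100.7/32"), 22)

def matches(rule, src_ip, port):
    addr = ipaddress.ip_address(src_ip)
    in_range = any(addr in ipaddress.ip_network(c) for c in rule.sources)
    return in_range and rule.port in (None, port)

def decide(rules, src_ip, port):
    """Return (action, rule name) for an ingress TCP connection."""
    # Lowest priority number wins; at equal priority a deny beats an allow.
    ordered = sorted(list(rules) + [IMPLIED_DENY],
                     key=lambda r: (r.priority, r.action != "deny"))
    for rule in ordered:
        if matches(rule, src_ip, port):
            return rule.action, rule.name
    raise AssertionError("unreachable: the implied deny matches everything")

def exposed_rules(rules, port):
    """Names of allow rules that open `port` to the whole internet."""
    return [r.name for r in rules if r.action == "allow"
            and r.port in (None, port) and "0.0.0.0/0" in r.sources]

if __name__ == "__main__":
    before = [DEFAULT_ALLOW_SSH, SFTP_ALLOWLIST]   # allowlist added, default kept
    after = [SFTP_ALLOWLIST]                       # default-allow-ssh deleted
    for label, rules in (("default kept", before), ("default removed", after)):
        for ip in ("203.0.113.25", "192.0.2.66"):  # allowlisted, not allowlisted
            print(label, ip, decide(rules, ip, 22))
        print(label, "world-open rules:", exposed_rules(rules, 22))
```

Running `exposed_rules` over an exported rule list is a quick audit for any allow rule that still opens port 22 to `0.0.0.0/0`.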