
I noticed some weird behavior on my gcloud Compute Engine: this default firewall rule has no effect:

> $ gcloud compute --project "plop" firewall-rules describe default-allow-http
> allowed:
> - IPProtocol: tcp
>   ports:
>   - '80'
> creationTimestamp: '2018-07-26T05:17:16.627-07:00'
> description: ''
> direction: INGRESS
> kind: compute#firewall
> name: default-allow-http
> network: https://www.googleapis.com/compute/v1/projects/plop/global/networks/default
> priority: 1000
> selfLink: https://www.googleapis.com/compute/v1/projects/plop/global/firewalls/default-allow-http
> sourceRanges:
> - 0.0.0.0/0
> targetTags:
> - http-server

And I have added this one:

> $ gcloud compute --project "plop" firewall-rules describe web
> allowed:
> - IPProtocol: tcp
>   ports:
>   - '80'
> creationTimestamp: '2018-06-26T01:48:18.068-07:00'
> description: ''
> direction: INGRESS
> kind: compute#firewall
> name: web
> network: https://www.googleapis.com/compute/v1/projects/plop/global/networks/default
> priority: 1000
> selfLink: https://www.googleapis.com/compute/v1/projects/plop/global/firewalls/web
> sourceRanges:
> - 0.0.0.0/0

Seems to me those two rules are identical though, any idea why?

franck

1 Answer


The first firewall rule, default-allow-http, is the default one in Google Cloud Platform that you will find in any project. The second one is like the first one: it's an ingress rule allowing HTTP (port 80). The only difference is that the first one has a target: the firewall rule applies only to VMs with a matching network tag.

Again, the second firewall rule, web, will be applied to any VM in the default network, because there is no target specified.

Alioua
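The target matching described in the answer, as an added example that is not part of the original question or answer: it resolves which of the two rules cover a given VM and lists ingress rules open to 0.0.0.0/0 with no target selector. The rule and instance records are constructed in the shape of `gcloud ... --format=json` output, and the VM names are hypothetical.

```python
NET = "https://www.googleapis.com/compute/v1/projects/plop/global/networks/default"

# Constructed data, trimmed to the fields used; same shape as the JSON from
# `gcloud compute firewall-rules list` and `gcloud compute instances list`.
RULES = [
    {"name": "default-allow-http", "direction": "INGRESS", "network": NET,
     "sourceRanges": ["0.0.0.0/0"], "targetTags": ["http-server"]},
    {"name": "web", "direction": "INGRESS", "network": NET,
     "sourceRanges": ["0.0.0.0/0"]},
]
INSTANCES = [  # hypothetical VM names
    {"name": "vm-untagged", "networkInterfaces": [{"network": NET}]},
    {"name": "vm-tagged", "networkInterfaces": [{"network": NET}],
     "tags": {"items": ["http-server"]}},
]


def rule_targets_instance(rule, instance):
    """True if the rule's network and target selector cover this instance."""
    nets = {nic["network"] for nic in instance.get("networkInterfaces", [])}
    if rule["network"] not in nets:
        return False
    if rule.get("targetTags"):
        vm_tags = instance.get("tags", {}).get("items", [])
        return bool(set(rule["targetTags"]) & set(vm_tags))
    if rule.get("targetServiceAccounts"):
        emails = {sa["email"] for sa in instance.get("serviceAccounts", [])}
        return bool(set(rule["targetServiceAccounts"]) & emails)
    return True  # no target selector: every instance on the network


def effective_rules(rules, instance):
    """Names of enabled rules that apply to the instance."""
    return [r["name"] for r in rules
            if not r.get("disabled") and rule_targets_instance(r, instance)]


def untargeted_open_ingress(rules):
    """Ingress rules open to 0.0.0.0/0 that hit every VM on their network."""
    return [r["name"] for r in rules
            if r.get("direction") == "INGRESS"
            and "0.0.0.0/0" in r.get("sourceRanges", [])
            and not r.get("targetTags") and not r.get("targetServiceAccounts")]


if __name__ == "__main__":
    for vm in INSTANCES:
        print(vm["name"], "->", effective_rules(RULES, vm))
    print("untargeted, open to the internet:", untargeted_open_ingress(RULES))
```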