Open or close server ports

Open server ports for remote access

IMPORTANT: We strongly discourage opening ports to allow inbound connections to the server from a different network. Making the application’s network ports public is a significant security risk. The recommended way to connect two instances deployed in different networks is VPC network peering. If you must make the application accessible over a public IP address, we recommend restricting access to a trusted list of source IP addresses and ports using firewall rules. To do so, follow the instructions below.

By default, Google Cloud servers have some or all of their ports closed to secure them against external attacks. In some cases, ports needed for specific applications to operate properly are also left open by default.

If you need to access your server remotely, you must first open the necessary port(s) using the Google Console.

Follow the steps below:

  • Log in to the Google Cloud Console using the Google Account associated with your project.

  • Select the “Networking -> VPC network -> Firewall rules” menu.

  • On the resulting page, create a new firewall rule for your network by clicking the “Create firewall rule” button.

  • Enter details for the new firewall rule using the guidelines below:

    • Name: Use a human-readable name that makes it easy to identify the rule

    • Description: Enter a description for the firewall rule (optional)

    • Network: Select the network used by your server

    • Direction of traffic: Select the “Ingress” option

    • Action on match: Select the “Allow” option

    • Source filter: Select the “IP ranges” option

    • Source IP ranges: Specify the IP address ranges that can access your application. We recommend that inbound connections be allowed only from known and trusted IP ranges to permit only secure connections to your server. IP addresses outside this range will be denied access.

      IMPORTANT: Entering 0.0.0.0/0 allows access by anyone on the Internet. This is strongly discouraged and may result in unknown parties gaining access to your application and data.

    • Allowed protocols or ports: Enter the port numbers prefixed by either tcp: or udp:. Use commas to separate multiple port numbers and semi-colons between protocol blocks. For example: tcp:80, 443; udp:8001

  • Click “Create” to save the firewall rule. The new firewall rule will come into effect immediately.
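
The same rule can be prepared from a shell. The script below is an added example, not part of the original instructions: it converts the console port syntax shown above into the list that gcloud's --rules flag expects, refuses an empty source list or any /0 range, and prints the resulting gcloud command without running it. The function names, the rule name, the network name "default" and the 203.0.113.0/24 range are constructed for illustration, and requiring CIDR notation for every source is a choice made for this example.

```shell
#!/bin/sh
# Added example (not project code). Prints a gcloud command; does not run it.

# "tcp:80, 443; udp:8001" (console syntax) -> "tcp:80,tcp:443,udp:8001" (--rules)
console_ports_to_rules() (
  set -f                                  # no globbing while splitting
  spec=$(printf '%s' "$1" | tr -d ' ')
  out=""
  IFS=';'
  for block in $spec; do
    proto=${block%%:*}
    ports=${block#*:}
    case "$proto" in
      tcp|udp) ;;
      *) echo "bad protocol block: $block" >&2; exit 1 ;;
    esac
    [ -n "$ports" ] || { echo "no ports in block: $block" >&2; exit 1; }
    IFS=','
    for p in $ports; do
      case "$p" in                        # digits or a range such as 8000-8010
        ''|*[!0-9-]*|-*|*-) echo "bad port: $p" >&2; exit 1 ;;
      esac
      out="${out:+$out,}$proto:$p"
    done
    IFS=';'
  done
  [ -n "$out" ] || { echo "no ports given" >&2; exit 1; }
  printf '%s\n' "$out"
)

# Reject an empty list, non-CIDR entries and any /0 prefix (e.g. 0.0.0.0/0).
check_sources() (
  set -f
  [ -n "$1" ] || { echo "source ranges required" >&2; exit 1; }
  IFS=','
  for r in $1; do
    case "$r" in
      */0) echo "refusing world-open range: $r" >&2; exit 1 ;;
      */*) ;;
      *)   echo "not CIDR notation: $r" >&2; exit 1 ;;
    esac
  done
)

# Arguments: rule name, network, comma-separated source ranges, console port spec.
firewall_create_cmd() (
  sources=$(printf '%s' "$3" | tr -d ' ')
  check_sources "$sources" || exit 1
  rules=$(console_ports_to_rules "$4") || exit 1
  printf 'gcloud compute firewall-rules create %s --network=%s --direction=INGRESS --action=ALLOW --source-ranges=%s --rules=%s\n' \
    "$1" "$2" "$sources" "$rules"
)

# Constructed sample values: a documentation address range and the page's port example.
firewall_create_cmd allow-web-from-office default 203.0.113.0/24 'tcp:80, 443; udp:8001'
```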

Close server ports and deny remote access

To close a server port and deny remote access to that port, follow these steps:

  • Log in to the Google Cloud Console using the Google Account associated with your project.

  • Select the “Networking -> VPC network -> Firewall rules” menu.

  • Find the firewall rule(s) for the port(s) you wish to close. Select each rule and click the “Edit” button at the top of the page.

  • Remove the ports you wish to close from the “Allowed protocols and ports” list. The change will come into effect immediately.

Last modification August 30, 2018