If you are unable to access a service running on your virtual private server, it is likely that the firewall in front of it is blocking the ports you need. We’ll show you how to work with and open ports on a Google Cloud Platform firewall.
How do GCP firewalls work?
Compared to other cloud providers, GCP’s firewall system works a little differently. In a standard firewall, such as AWS security groups, you can manually edit and open ports for all instances that use that security group. If you only want to open a single port, all you have to do is edit the security group.
For GCP, firewalls are handled with “firewall rules”;, which are sets of allowed / denied ports with other settings such as the source IP filter. The firewall rule can be applied to any instance of the account, but you must specify a “target tag”, such as “ftp” or “https server”, that can be added to all compute engine instances to open specified ports.
What you end up with is a system where you can manage firewall rules based on application needs, which makes it much easier to understand why gates are open. Of course, if you just want to create a firewall rule with a unique tag for your instance and manage ports directly, you can do that too.
Open ports with firewall rules
From the Compute Engine console, click “View Network Details” in the instance.
Click “Firewall Rules” in the sidebar.
Create a new firewall rule.
Give it a name and choose whether to allow or deny traffic. Traffic is implicitly denied by default.
For target marks, give the rule a name to identify it. For the source IP range, there is no “anywhere” option, so you must enter manually
0.0.0.0/0—CIDR listing for all possible IP addresses.
Under Protocols and Ports, you can open everything (a bad idea) or select a protocol and port number. You can enter multiple port numbers with commas or enter other protocols besides tcp and udp.
Create the rule and return to the Compute Engine to apply it. Click the instance to view the details and click “Edit” to edit the network tags.
Add the tag for the rule you just added under “Network tags”.
Once saved, the firewall updates should be reflected automatically.
If your application is still not available in the ports you opened, you may want to check or disable firewalls on your device, for example
ufw, to ensure that they do not conflict with GCP.