Google Certified Associate Cloud Engineer 2020

Sign Up Free or Log In to participate!

Firewall rule for cloud shell command-line


I was doing some network testing for a lab and I wanted to use the cloud shell. I was thinking that I could configure a firewall rule on my VPC to accept incoming icmp traffic from cloud shell CIDR range, which is the range of or, depending on which interface is used outbound, either eth0 or Docker0. After configuring rules on my VPC, I still cannot ping from cloud shell into my VM instances. It seems that ping is disabled all together from cloud shell. Is this accurate ? Or I should be able to configure a firewall rule for this ?



1 Answers

You definitely should be able to do this, yes!

To make sure your rule changes are affecting the right instances, start by relaxing it to  If that doesn’t work, you know you’re configuring the rules incorrectly.  If that works, then you should look at the CIDR block you’re using in the rule.

To ensure that you’ve got the right IP range for your Cloud Shell, ping from Cloud Shell.  The response should tell you how your outbound connections appear to the Internet–and to the network rules handling your ping inbound to the VPC.

Let me know how it goes!


Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?