I was doing some network testing for a lab and I wanted to use the Cloud Shell. I was thinking that I could configure a firewall rule on my VPC to accept incoming ICMP traffic from the Cloud Shell CIDR range, which is the range of 172.17.0.0 or 172.18.0.0, depending on which interface is used outbound, either eth0 or Docker0. After configuring rules on my VPC, I still cannot ping from Cloud Shell into my VM instances. It seems that ping is disabled altogether from Cloud Shell. Is this accurate? Or should I be able to configure a firewall rule for this?
You definitely should be able to do this, yes!
To make sure your rule changes are affecting the right instances, start by relaxing it to 0.0.0.0/0. If that doesn’t work, you know you’re configuring the rules incorrectly. If that works, then you should look at the CIDR block you’re using in the rule.
To ensure that you’ve got the right IP range for your Cloud Shell, ping api.ipify.org from Cloud Shell. The response should tell you how your outbound connections appear to the Internet–and to the network rules handling your ping inbound to the VPC.
Let me know how it goes!