Google Certified Associate Cloud Engineer 2020


Firewall Rules. Target Vs Source Filters

I would like to clarify something that we did in the VPC lecture. When creating a Firewall rule there are two things: Targets and Source/Destination Filters. On the question mark beside these, here is what the tooltip says:

For Targets: Firewall rule applies only to these instances within the virtual network

For Source Filter: Set filters to apply your rule to specific sources of traffic

This is a little confusing to me. Here is my question:

If I create a Firewall rule and choose "Specified Service Tag" in the targets, then specify a network tag in the "Target-tags" and not do anything else, in my understanding I am creating a firewall rule for those instances that have matching network tags. To me that is a specific source of traffic. Why do I need the Source filter?

I checked that I could create a Firewall Rule without the Source filter. I am unable to understand and distinguish these. Thanks for your time and help.

1 Answer

One thing I discovered in my tinkering with this during my GCP ACE was that the two make a difference when you’re using Public IPs. Trying to target certain things, like Service Accounts, with Firewall rules doesn’t work when you’re using Public IPs; only within the VPC. This led to a very confusing and frustrating challenge lab, for sure 😛

In the cases where you may also be dealing with some sources outside of GCP, this may introduce the need for that.
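The distinction the question asks about (targets pick which instances a rule is attached to; the source filter picks which traffic matches on those instances) and the answer's point that tag-based matching only works for addresses inside the VPC, as a small Python model. This is an added example, not code from the thread and not Google's implementation: the instances, tags, CIDRs and rule names are constructed, and it simplifies GCP's real evaluation (ingress only, TCP ports only, no priorities or deny rules).

```python
"""Toy model of how a GCP VPC ingress firewall rule is evaluated.

Added example (not Google's code). A rule has two independent halves:
  * target (target_tags)  -> WHICH instances the rule is attached to
  * source filter         -> WHICH traffic the rule matches on those instances
Leaving the source filter empty does NOT narrow the traffic: for ingress the
default source range is 0.0.0.0/0, so the rule admits the port from anywhere.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set


@dataclass
class Instance:
    name: str
    internal_ip: str
    external_ip: Optional[str] = None
    tags: Set[str] = field(default_factory=set)


@dataclass
class IngressRule:
    name: str
    allow_ports: Set[int]                       # TCP ports this ALLOW rule opens
    target_tags: Optional[Set[str]] = None      # None -> "all instances in the network"
    source_ranges: Optional[List[str]] = None   # CIDRs; empty + no source_tags -> 0.0.0.0/0
    source_tags: Optional[Set[str]] = None

    def applies_to(self, inst: Instance) -> bool:
        """Target half: is this rule attached to the instance at all?"""
        return self.target_tags is None or bool(self.target_tags & inst.tags)

    def matches_source(self, src_ip: str, instances: List[Instance]) -> bool:
        """Source-filter half: does the packet's source satisfy the filter?"""
        ranges = list(self.source_ranges or [])
        tags = self.source_tags or set()
        if not ranges and not tags:
            ranges = ["0.0.0.0/0"]  # GCP's default ingress source when none is given
        addr = ip_address(src_ip)
        if any(addr in ip_network(r) for r in ranges):
            return True
        # Source tags identify VPC instances by their primary *internal* IP.
        # Traffic arriving from an external IP never matches a source tag, even
        # if it came from a tagged instance (assumption modelled on the docs).
        return any(inst.internal_ip == src_ip and bool(inst.tags & tags)
                   for inst in instances)


def is_allowed(dst: Instance, src_ip: str, port: int,
               rules: List[IngressRule], instances: List[Instance]) -> bool:
    """Implied ingress rule denies everything; any applicable matching ALLOW permits."""
    return any(rule.applies_to(dst) and port in rule.allow_ports
               and rule.matches_source(src_ip, instances)
               for rule in rules)


# Constructed sample VPC: three instances with different network tags.
WEB = Instance("web-1", "10.0.0.2", "198.51.100.2", {"web"})
BASTION = Instance("bastion", "10.0.0.3", "198.51.100.3", {"bastion"})
DB = Instance("db-1", "10.0.0.4", None, {"db"})
INSTANCES = [WEB, BASTION, DB]

RULES = [
    # Target only: attached to "web" instances; source defaults to 0.0.0.0/0.
    IngressRule("allow-http", {80}, target_tags={"web"}),
    # Target + source range: SSH to the bastion only from an office CIDR.
    IngressRule("allow-ssh-office", {22}, target_tags={"bastion"},
                source_ranges=["203.0.113.0/24"]),
    # Target + source tag: DB port only from "web" instances, via internal IPs.
    IngressRule("allow-db-from-web", {5432}, target_tags={"db"}, source_tags={"web"}),
]


def check(dst_name: str, src_ip: str, port: int) -> bool:
    """Evaluate one constructed packet against the sample rule set."""
    dst = next(i for i in INSTANCES if i.name == dst_name)
    return is_allowed(dst, src_ip, port, RULES, INSTANCES)


if __name__ == "__main__":
    cases = [
        ("web-1", "8.8.8.8", 80),          # target-only rule admits the port from anywhere
        ("db-1", "8.8.8.8", 80),           # rule not attached to db-1: denied
        ("bastion", "203.0.113.7", 22),    # source range matches
        ("bastion", "8.8.8.8", 22),        # source range does not match
        ("db-1", "10.0.0.2", 5432),        # web-1's internal IP matches source tag
        ("db-1", "198.51.100.2", 5432),    # web-1's external IP does not
    ]
    for dst, src, port in cases:
        print(f"{src:>14} -> {dst}:{port}  {'ALLOW' if check(dst, src, port) else 'DENY'}")
```

The second case is the one that answers the question: a rule with only target tags is attached to the tagged instances, but it does not restrict who may reach them. The last two cases show the answer's observation: a source tag is matched against the sender's internal VPC address, so the same instance talking over its public IP is treated as an arbitrary internet source.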

Asad Siddiqi

Thanks for sharing that. That is certainly very interesting. A friend at work told me that he got a question in the exam about Source filters. I did not even pay attention to Source filters prior to that 🙂 He was not sure what the correct answer is.
