I would like to clarify something that we did in the VPC lecture. When creating a Firewall rule there are two things: Targets and Source/Destination Filters. On the question mark beside these, here is what the tooltip says:
For Targets: Firewall rule applies only to these instances within the virtual network
For Source Filter: Set filters to apply your rule to specific sources of traffic
This is a little confusing to me. Here is my question:
If I create a Firewall rule and choose "Specified Service Tag" in the targets, then specify a network tag in the "Target-tags" and do nothing else, in my understanding I am creating a firewall rule for those instances that have matching network tags. To me that is a specific source of traffic. Why do I need the Source filter?
I checked that I could create a Firewall Rule without the Source filter. I am unable to understand and distinguish these. Thanks for your time and help.
One thing I discovered in my tinkering with this during my GCP ACE was that the two make a difference when you're using Public IPs. Trying to target certain things, like Service Accounts, with Firewall rules doesn't work when you're using Public IPs; only within the VPC. This led to a very confusing and frustrating challenge lab, for sure 😛
In the cases where you may also be dealing with some sources outside of GCP, this may introduce the need for that.
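To make the distinction asked about in the question and the public-IP point in the reply above concrete, here is an added toy model (example code, not from this thread, the lecture, or Google's own implementation) of how one ingress allow rule is evaluated. The instances, tags, CIDRs and rule names are constructed for illustration; the model assumes gcloud's documented default that an ingress rule with neither source ranges nor source tags gets a source range of 0.0.0.0/0, and that source tags only match traffic sent from the internal IP of a tagged instance in the same VPC.

```python
# Added example (not from the original thread): a toy model of how a GCP VPC
# firewall rule's targets and source filter select two different things.
# Names, IPs and the network layout below are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Tuple, FrozenSet, Optional


@dataclass(frozen=True)
class Instance:
    name: str
    internal_ip: str                       # VPC-internal address
    tags: FrozenSet[str] = frozenset()     # network tags


@dataclass(frozen=True)
class Rule:
    """An ingress allow rule reduced to the fields the thread is about."""
    name: str
    port: int
    target_tags: FrozenSet[str] = frozenset()   # empty = every instance in the network
    source_ranges: Tuple[str, ...] = ()         # CIDRs
    source_tags: FrozenSet[str] = frozenset()   # tags on the *sending* instances


def effective_source_ranges(rule: Rule) -> Tuple[str, ...]:
    # gcloud's documented default: with no source ranges and no source tags,
    # an ingress rule gets a source range of 0.0.0.0/0 (i.e. "anywhere").
    if not rule.source_ranges and not rule.source_tags:
        return ("0.0.0.0/0",)
    return rule.source_ranges


def rule_enforced_on(rule: Rule, instance: Instance) -> bool:
    """Targets answer: WHICH instances is this rule installed on?"""
    return not rule.target_tags or bool(rule.target_tags & instance.tags)


def source_matches(rule: Rule, src_ip: str, network: Tuple[Instance, ...]) -> bool:
    """Source filter answers: WHICH traffic arriving at a targeted instance does it apply to?"""
    ip = ip_address(src_ip)
    if any(ip in ip_network(cidr) for cidr in effective_source_ranges(rule)):
        return True
    # Source tags resolve to the internal IPs of tagged instances in the same VPC,
    # so a packet from a public address never carries a tag and can only be
    # admitted via source_ranges (the point made in the reply about public IPs).
    sender: Optional[Instance] = next((i for i in network if i.internal_ip == src_ip), None)
    return sender is not None and bool(rule.source_tags & sender.tags)


def ingress_allowed(rule: Rule, network: Tuple[Instance, ...],
                    dst: Instance, src_ip: str, port: int) -> bool:
    """A rule allows the packet only if dst is a target AND the source filter matches."""
    return port == rule.port and rule_enforced_on(rule, dst) and source_matches(rule, src_ip, network)


# Constructed sample VPC: three instances, each with one network tag.
WEB = Instance("web-1", "10.0.0.2", frozenset({"web"}))
DB = Instance("db-1", "10.0.0.3", frozenset({"db"}))
BASTION = Instance("bastion-1", "10.0.0.4", frozenset({"bastion"}))
NETWORK = (WEB, DB, BASTION)

# Rule 1: what the question describes - target tag set, source filter left empty.
SSH_TO_WEB = Rule("allow-ssh-web", port=22, target_tags=frozenset({"web"}))

# Rule 2: tag-to-tag - only "web" instances may reach "db" instances on 5432.
WEB_TO_DB = Rule("allow-web-to-db", port=5432,
                 target_tags=frozenset({"db"}), source_tags=frozenset({"web"}))

# Rule 3: the only way to admit a public source is an explicit source range.
OFFICE_TO_BASTION = Rule("allow-office-ssh", port=22,
                         target_tags=frozenset({"bastion"}),
                         source_ranges=("203.0.113.0/24",))   # TEST-NET-3, constructed


if __name__ == "__main__":
    internet = "203.0.113.5"
    print(ingress_allowed(SSH_TO_WEB, NETWORK, WEB, internet, 22))   # True: target + default 0.0.0.0/0
    print(ingress_allowed(SSH_TO_WEB, NETWORK, DB, internet, 22))    # False: db is not a target
    print(ingress_allowed(WEB_TO_DB, NETWORK, DB, WEB.internal_ip, 5432))      # True: tagged sender
    print(ingress_allowed(WEB_TO_DB, NETWORK, DB, BASTION.internal_ip, 5432))  # False: wrong source tag
    print(ingress_allowed(WEB_TO_DB, NETWORK, DB, internet, 5432))   # False: public IP carries no tag
    print(ingress_allowed(OFFICE_TO_BASTION, NETWORK, BASTION, internet, 22))  # True: explicit range
```

The takeaway the model shows: the target tag alone (Rule 1) does restrict which instances the rule is installed on, but because the source filter defaults to anywhere, those instances accept SSH from the whole internet. The source filter is what narrows the traffic, and a source *tag* (Rule 2) can only ever match senders inside the VPC, which is why a source *range* (Rule 3) is needed for anything arriving from a public IP.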
Thanks for sharing that. That is certainly very interesting. A friend at work told me that he got a question in the exam about Source filters. I did not even pay attention to Source filters prior to that 🙂 He was not sure what the correct answer was.