Configuring Network Firewall Rules in Google Compute Engine


Introduction

Firewall rules are an essential component of securing your virtual machine instances in Google Compute Engine. These rules control incoming and outgoing network traffic to instances in your VPC network, allowing you to define who can reach your instances and which services they can use.


Key Concepts

Before we dive into configuring firewall rules, let's understand some key concepts:

  • Firewall Rules: These rules specify which connections are allowed or denied based on IP addresses, ports, and protocols.
  • Network Tags: You can associate firewall rules with instances using network tags, making it easier to manage access control.

Creating a Firewall Rule

To create a basic firewall rule using the gcloud command-line tool, you can use the following example:

    gcloud compute firewall-rules create my-firewall-rule --allow=tcp:80,tcp:443 --source-ranges=0.0.0.0/0 --target-tags=my-instance-tag

This command creates a firewall rule named "my-firewall-rule" that allows incoming traffic on ports 80 (HTTP) and 443 (HTTPS) from any source IP address (0.0.0.0/0). The rule is applied only to instances carrying the network tag "my-instance-tag".


Listing Firewall Rules

You can list all firewall rules in your project using the following command:

    gcloud compute firewall-rules list
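A rule like the one created above is reasonable for a public web tier, but the same `--source-ranges=0.0.0.0/0` on other ports is a common misconfiguration. The following is an added example (not part of this page or of the gcloud tool) that audits listed rules for world-reachable ingress on anything other than tcp:80 and tcp:443. It assumes rows in a constructed `name,direction,source-ranges,allowed` shape rather than real `gcloud` output; the rule names and the 203.0.113.0/24 range are made up.

```shell
#!/bin/sh
# Constructed sample rows (not real gcloud output). Columns:
#   name,direction,source-ranges(; separated),allowed(; separated)
SAMPLE_RULES='my-firewall-rule,INGRESS,0.0.0.0/0,tcp:80;tcp:443
allow-ssh-office,INGRESS,203.0.113.0/24,tcp:22
allow-ssh-anywhere,INGRESS,0.0.0.0/0,tcp:22
allow-all-internal,INGRESS,10.128.0.0/9,all
wide-open,INGRESS,0.0.0.0/0;10.0.0.0/8,tcp:0-65535;udp:0-65535'

# Print the names of INGRESS rules that accept traffic from 0.0.0.0/0 on any
# protocol/port other than tcp:80 and tcp:443. Reads the rows from $SAMPLE_RULES.
flag_open_rules() {
    printf '%s\n' "$SAMPLE_RULES" | awk -F',' '
        $2 == "INGRESS" && index($3, "0.0.0.0/0") {
            n = split($4, allowed, ";")
            risky = 0
            for (i = 1; i <= n; i++)
                if (allowed[i] != "tcp:80" && allowed[i] != "tcp:443")
                    risky = 1
            if (risky) print $1
        }'
}

# A tightened version of a flagged SSH rule would restrict the source range, e.g.
# (hypothetical names, 203.0.113.0/24 is a documentation range):
#   gcloud compute firewall-rules create allow-ssh-office \
#       --allow=tcp:22 --source-ranges=203.0.113.0/24 --target-tags=my-instance-tag

flag_open_rules
```

Running the script prints `allow-ssh-anywhere` and `wide-open`; the web rule and the office-restricted SSH rule are not flagged.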

Deleting a Firewall Rule

If you want to remove a firewall rule, you can use the following command:

    gcloud compute firewall-rules delete my-firewall-rule

Conclusion

Configuring network firewall rules in Google Compute Engine is crucial for securing your virtual machine instances. By defining rules for incoming and outgoing traffic, you can control access and protect your resources. Explore more advanced configurations and options in the Google Compute Engine documentation.