Creating firewall rules
Please review the firewall rule components [1] if you are unfamiliar with firewall rules in GCP. Firewall rules are defined at the network level, and only apply to the network where they are created; however, the name you choose for each of them must be unique to the project.
For Cloud Console:
- Go to the Firewall rules page in the Google Cloud Platform Console.
- Click Create firewall rule.
- Enter a Name for the firewall rule.
This name must be unique for the project.
- Specify the Network where the firewall rule will be implemented.
- Specify the Priority of the rule.
The lower the number, the higher the priority.
- For the Direction of traffic, choose ingress or egress.
- For the Action on match, choose allow or deny.
Specify the Targets of the rule.
- If you want the rule to apply to all instances in the network, choose All instances in the network.
- If you want the rule to apply to select instances by network (target) tags, choose Specified target tags, then type the tags to which the rule should apply into the Target tags field.
- If you want the rule to apply to select instances by associated service account, choose Specified service account, indicate whether the service account is in the current project or another one under Service account scope, and choose or type the service account name in the Target service account field.
For an ingress rule, specify the Source filter:
- Choose IP ranges and type the CIDR blocks into the Source IP ranges field to define the source for incoming traffic by IP address ranges. Use 0.0.0.0/0 to accept traffic from any source address (any network).
- Choose Subnets then mark the ones you need from the Subnets pop-up button to define the source for incoming traffic by subnet name.
- To limit the source by network tag, choose Source tags, then type the network tags into the Source tags field. For the limit on the number of source tags, see VPC Quotas and Limits. Filtering by source tag is only available if the target is not specified by service account. For more information, see filtering by service account vs. network tag.
- To limit source by service account, choose Service account, indicate whether the service account is in the current project or another one under Service account scope, and choose or type the service account name in the Source service account field. Filtering by source service account is only available if the target is not specified by network tag. For more information, see filtering by service account vs. network tag.
- Specify a Second source filter if desired. Secondary source filters cannot use the same filter criteria as the primary one.
For an egress rule, specify the Destination filter:
- Choose IP ranges and type the CIDR blocks into the Destination IP ranges field to define the destination for outgoing traffic by IP address ranges. Use 0.0.0.0/0 to mean everywhere.
- Choose Subnets then mark the ones you need from the Subnets pop-up button to define the destination for outgoing traffic by subnet name.
Define the Protocols and ports to which the rule will apply:
Select Allow all or Deny all, depending on the action, to have the rule apply to all protocols and ports.
Define specific protocols and ports:
- Select tcp to include the TCP protocol and ports. Enter all or a comma-delimited list of ports or port ranges, such as 20-22, 80, 8080.
- Select udp to include the UDP protocol and ports. Enter all or a comma-delimited list of ports or port ranges, such as 67-69, 123.
- Select Other protocols to include protocols such as icmp or sctp.
(Optional) You can create the firewall rule but not enforce it by setting its enforcement state to disabled. Click Disable rule, then select Disabled.
(Optional) You can enable firewall rules logging:
- Click Logs > On.
- Click Turn on.
Click Create.
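The Console steps above map one-to-one onto flags of `gcloud compute firewall-rules create`. The script below is an added example, not part of the original page or of Google's documentation: it builds the equivalent gcloud command for review before anything is applied, validates the priority range, and flags a rule whose source filter is the "any network" value 0.0.0.0/0. The project name, network name, CIDR block and target tag are constructed placeholders (the CIDR uses the RFC 5737 documentation range), and the `--disabled` flag corresponds to the Console's Disable rule option.

```shell
#!/bin/sh
# Added example: build (and optionally run) the gcloud equivalent of the Console steps.
# GCP_PROJECT, VPC_NETWORK and ADMIN_CIDR are placeholders, not values from the page.
GCP_PROJECT="${GCP_PROJECT:-example-project}"
VPC_NETWORK="${VPC_NETWORK:-prod-vpc}"
ADMIN_CIDR="${ADMIN_CIDR:-203.0.113.0/24}"   # constructed: RFC 5737 documentation range

# Priority must be an integer from 0 to 65535; the lower the number, the higher the priority.
valid_priority() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 0 ] && [ "$1" -le 65535 ]
}

# Return 0 when a --source-ranges flag contains 0.0.0.0/0 (traffic from any source address).
has_any_source() {
  for flag in "$@"; do
    case "$flag" in
      --source-ranges=*)
        ranges=${flag#--source-ranges=}
        old_ifs=$IFS; IFS=,
        for r in $ranges; do
          if [ "$r" = "0.0.0.0/0" ]; then IFS=$old_ifs; return 0; fi
        done
        IFS=$old_ifs
        ;;
    esac
  done
  return 1
}

# firewall_rule_cmd NAME INGRESS|EGRESS ALLOW|DENY PRIORITY PROTO:PORTS [filter/target flags...]
# Prints the gcloud command on one line. Logging is always enabled so matches are visible.
# Rule names must be unique within the project, as the page notes.
firewall_rule_cmd() {
  name=$1; direction=$2; action=$3; priority=$4; rules=$5
  shift 5
  valid_priority "$priority" || { echo "invalid priority: $priority" >&2; return 1; }
  printf 'gcloud compute firewall-rules create %s --project=%s --network=%s --direction=%s --action=%s --priority=%s --rules=%s' \
    "$name" "$GCP_PROJECT" "$VPC_NETWORK" "$direction" "$action" "$priority" "$rules"
  for flag in "$@"; do
    printf ' %s' "$flag"
  done
  printf ' --enable-logging\n'
}

# Print a rule for review; warn when an ALLOW rule is open to any source.
# Set APPLY=1 to execute the command instead of only printing it.
review_rule() {
  cmd=$(firewall_rule_cmd "$@") || return 1
  if [ "$3" = "ALLOW" ] && has_any_source "$@"; then
    echo "WARNING: $1 allows traffic from 0.0.0.0/0 (any network)" >&2
  fi
  echo "$cmd"
  if [ "${APPLY:-0}" = "1" ]; then
    eval "$cmd"
  fi
}

main() {
  # Priority 1000 allow: SSH to instances tagged ssh-admin, only from the admin range.
  review_rule allow-ssh-from-admin INGRESS ALLOW 1000 tcp:22 \
    "--source-ranges=$ADMIN_CIDR" --target-tags=ssh-admin
  # Priority 65000 deny with logging: records SSH attempts from everywhere else that
  # were not matched by the higher-priority allow rule above.
  review_rule deny-ssh-logged INGRESS DENY 65000 tcp:22 \
    --source-ranges=0.0.0.0/0 --target-tags=ssh-admin
  # Created but not enforced, as with the Console's Disable rule option.
  review_rule allow-web-staged INGRESS ALLOW 1100 tcp:80,tcp:443 \
    --source-ranges=0.0.0.0/0 --target-tags=web --disabled
}

# Run the demo only when executed directly, not when sourced.
case "$0" in
  *firewall*) main ;;
esac
```

Run the script once without APPLY set to read the three commands and the warning on the wide-open web rule, then with `APPLY=1` to create the rules. The explicit low-priority deny adds nothing to enforcement (VPC already denies unmatched ingress), but with logging on it turns otherwise silent drops into log entries you can alert on.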
Link:
[1] https://cloud.google.com/vpc/docs/firewalls#firewall_rule_components