Question

Does cloud firewall sources specific ip

Hi,

I have set up the cloud firewall with “SSH Sources: my IP address”. I imagined it would only allow my IP to connect to SSH.

However, in my log I can see bots spamming my SSH port. Shouldn't other IPs be blocked?


Google Cloud doesn’t allow certain IP protocols, such as egress traffic on TCP port 25 within a VPC network. For more information, see always blocked traffic.

Certain GRE traffic (beta):
• Traffic in Cloud VPN tunnels
• Traffic on Cloud Interconnect attachments (VLANs)
• Traffic for forwarding rules (load balancing or protocol forwarding)

GRE is allowed within a VPC network.

Protocols other than TCP, UDP, ICMP, AH, ESP, SCTP, and GRE to external IP addresses of Google Cloud resources: The type of resource further limits the protocol. For example, Network TCP/UDP Load Balancing supports only TCP and UDP. Also, a forwarding rule for protocol forwarding only processes a single protocol. Refer to the protocol forwarding documentation for a list of supported protocols.

Egress traffic to TCP destination port 25 (SMTP): Traffic from:
• instances to external IP addresses on the internet
• instances to external IP addresses of instances

Hi there @philippe15,

I’ve just tested this, and I can confirm that if configured correctly, the firewall will not allow any connections to your Droplet. All connections will be filtered on the firewall level and not reach your Droplet.

You need to make sure that your firewall is configured correctly in terms of rules and then assign your Droplet to the firewall.

For more information, you can take a look at the official documentation here:

https://www.digitalocean.com/docs/networking/firewalls/

Let me know if you have any questions. Regards, Bobby
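The two checks named in the answer above (rules configured correctly, Droplet assigned to the firewall) can be audited from the firewall definitions. This is an added example, not part of the original answer or DigitalOcean's own code: the sample data is constructed in the shape of the API's `GET /v2/firewalls` response, `audit_ssh` and `covers_port` are hypothetical helper names, and firewalls attached through tags are assumed to be already resolved into `droplet_ids`.

```python
import ipaddress

# Constructed sample, shaped like the "firewalls" array returned by the
# DigitalOcean API (GET /v2/firewalls). IDs, names and addresses are made up.
FIREWALLS = [
    {"name": "ssh-admin", "droplet_ids": [1001], "inbound_rules": [
        {"protocol": "tcp", "ports": "22",
         "sources": {"addresses": ["203.0.113.7"]}}]},
    {"name": "web", "droplet_ids": [1001, 1002], "inbound_rules": [
        {"protocol": "tcp", "ports": "443",
         "sources": {"addresses": ["0.0.0.0/0", "::/0"]}}]},
    {"name": "legacy", "droplet_ids": [1002], "inbound_rules": [
        {"protocol": "tcp", "ports": "1-1024",
         "sources": {"addresses": ["0.0.0.0/0"]}}]},
]

def covers_port(ports, port):
    """Port strings are a single port, a range like "8000-9000", or "0"/"all"."""
    if ports in ("0", "all"):
        return True
    low, _, high = ports.partition("-")
    return int(low) <= port <= int(high or low)

def audit_ssh(firewalls, droplet_id, admin_ip, port=22):
    """Report who can reach `port` on a Droplet across all firewalls applied to it."""
    admin = ipaddress.ip_address(admin_ip)
    applied = [fw for fw in firewalls if droplet_id in fw.get("droplet_ids", [])]
    result = {"assigned": bool(applied), "admin_allowed": False, "extra_sources": []}
    for fw in applied:  # rules from every applied firewall add up
        for rule in fw.get("inbound_rules", []):
            if rule["protocol"] != "tcp" or not covers_port(rule["ports"], port):
                continue
            for addr in rule.get("sources", {}).get("addresses", []):
                net = ipaddress.ip_network(addr, strict=False)
                if admin in net:
                    result["admin_allowed"] = True
                if net.num_addresses > 1 or admin not in net:
                    result["extra_sources"].append((fw["name"], addr))
    return result

if __name__ == "__main__":
    for droplet in (1001, 1002, 9999):
        print(droplet, audit_ssh(FIREWALLS, droplet, "203.0.113.7"))
```

An `assigned` value of `False` means no cloud firewall is filtering that Droplet at all, and any entry in `extra_sources` is a source other than the admin IP that can still reach the SSH port.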