Compute Engine public images including Ubuntu OS should not be that different from standard open source images. There are some minor differences that would make it optimized to run on Compute Engine instances. These differences for Ubuntu are documented here.
About firewall rules, I assume you meant the OS level firewall which is usually by default permissive to connections. If that is the case, in addition to the OS firewall, we have our own VPC firewall that sits in front of the VMs (imaginatively speaking) that needs to be configured to allow INGRESS (incoming traffic from the perspective of the VM). For example, if you need to allow traffic to a web server (http), then you would have to configure ingress through port 80 for this VM. You can limit traffic to the VM only (not other VMs) by using labels. You may also limit source connections from the internet originating from certain IP addresses. This topic is explained in more detail in this document. Also this document has great examples on how to create a firewall rule. I hope this helps.