How to add SSH access IP whitelist?

[Howard Kwong]

Hi,

I was adviced by a security vendor that I should limit the access to SSH to the GCP instance (debian in this case).

I tried adding firewall rules to deny TCP:22 access from all IP which is successful.

But I am not able to add a single IP address into the allow list. I tried to add a single IP but it seems the rule is no effective.

Any clue is much appreciated. Thanks

[Kamran (Google Cloud Support)]

Hello Howard,

As described in this article, a rule with a deny action overrides another with an allow action only if the two rules have the same priority. Using relative priorities, it is possible to build allow rules that override deny rules, and vice versa.

Therefore, if you've created a single rule to deny all source IP addresses for TCP:22 protocol/port, then to allow a single IP to access to SSH service of the VM you will need to create the allow action rule with a higher priority. Note that lower integers indicate higher priorities.

I hope this helps.

[Howard Kwong]

Thanks Kamran,

Is there a way to add just an IP instead of IP range?

[Kamran (Google Cloud Support)]

Sure, you can specify just one IP address instead range(s) in source or source or destination IP ranges fields.