CIDR IPs range from Brazil

[Rogerio Amaral]

I would like to restrict RDP access to the compute engine only for the range of IPs in Brazil, I have been observing that some servers are being attacked from IPs outside Brazil, where can I get the CIDR IPs range from Brazil to put in the firewall?

Tks.

Rogério Amaral

[Faizan (Google Cloud Support)]

Hello Rogerio,

Google Compute Engine blocks incoming requests from internet to your instance by default, you allow the access by creating firewall rules. If you want to protect your instance against attacks you can create strict firewall rules e.g. you can create a firewall rule to allow access to RDP port only from known IPs. This will prevent unauthorized RDP access to your VM. For more information on firewall rules you can refer to this link[1].

I hope that helps.

Faizan

[1] https://cloud.google.com/compute/docs/networks-and-firewalls

[Rogerio Amaral]

Hello Faizan,

Thanks for the answer. The problem is that access occurs from several clients and each has different IP and are temporary IPs, so they give access only to the IPs of Brazil, because the attacks on port 3389 are from outside Brazil. That's why I wanted to find CIDR of IPs from Brazil.

Rogério Amaral

[Faizan (Google Cloud Support)]

Hello Rogerio,

Its currently not possible to block the access to GCE instance based on the region/IPs. As such, I'll recommend filling a feature request through issue tracker. Make sure to include the detailed information along with your use case. Once done, provide me with the link to the issue report and I'll go ahead and triage it before sending to product engineering team.

Faizan