Egress traffic to China = huge traffic and huge charges - how can I set up the firewall to block


Reto Steffen

May 10, 2018, 12:25:06 PM
to gce-discussion
Hi,

Suddenly, since last month, I get huge egress traffic to China for my website. The website is of 0 use to Chinese users; I'm guessing it's either bots or DoS.
How can I set up the firewall to block the whole country or region?

Thank you for any pointers!

Jason Holt

May 10, 2018, 6:14:31 PM
to reto.s...@gmail.com, gce-dis...@googlegroups.com
You could block all of the individual CIDR addresses for China (though I don't recommend trying this by hand as there are over 7000 of them).

Here's an article that covers it fairly well (scroll past the negative-nannies):


-- Jason

--
Jason Holt
Andominia GM

Dinesh (Google Platform Support)

May 10, 2018, 7:48:10 PM
to gce-discussion
Hi Reto,

You can find detailed information about GCP firewall rules and egress cases in these documents[1][2]. You can create firewall rules to deny egress traffic to a specific target range of IPs; however, it would be difficult to determine which IPs from China are generating the egress traffic. Some third-party websites might help to identify which country an IP range belongs to, as suggested in the Server Fault thread posted above. Whether it's an attack or not, you can figure it out based on your service's typical usage patterns and, more importantly, logs from your server.

Reto Steffen

May 11, 2018, 2:32:26 AM
to gce-discussion
Thanks for your help.
As a quick fix, I had just created a lot of firewall rules with the ~7000 addresses I got from https://www.ip2location.com/blockvisitorsbycountry.aspx
It's quite quick over the command line as you can have max 256 addresses in one rule.
I'll make it more permanent with your solution.
Thanks!
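
The batching described in this thread (a long country CIDR list split into rules of at most 256 addresses each), as an added example that is not part of the original posts. It assumes the egress is replies to inbound requests, so it writes ingress deny rules on source ranges; the rule-name prefix, network name and priority are placeholders, and the sample list is constructed.

```shell
# Added example: prints the gcloud commands for review instead of running them.
# Usage: emit_deny_rules CIDR_FILE [RULE_PREFIX] [NETWORK]
# RULE_PREFIX, NETWORK and PRIORITY are assumed placeholders, not thread values.
MAX_RANGES=256   # per-rule address limit quoted in the thread
PRIORITY=900     # assumption: lower number than the existing allow rule, so deny wins

emit_deny_rules() {
  awk -v max="$MAX_RANGES" -v prio="$PRIORITY" \
      -v prefix="${2:-deny-geo}" -v net="${3:-default}" '
    # Accept only well-formed IPv4 CIDR entries (octets <= 255, prefix <= 32).
    function valid(c,   p, o, i) {
      if (c !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/) return 0
      split(c, p, "/"); split(p[1], o, ".")
      for (i = 1; i <= 4; i++) if (o[i] > 255) return 0
      return (p[2] <= 32)
    }
    # Write one rule for the ranges collected so far, then start a new batch.
    function emit() {
      if (n == 0) return
      printf "gcloud compute firewall-rules create %s-%03d", prefix, ++rule
      printf " --network=%s --direction=INGRESS --action=DENY", net
      printf " --rules=all --priority=%d --source-ranges=%s\n", prio, list
      n = 0; list = ""
    }
    { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }   # drop comments and whitespace
    $0 == "" { next }
    !valid($0) { print "skipped line " NR ": " $0 > "/dev/stderr"; next }
    seen[$0]++ { next }                        # drop duplicate ranges
    { list = (n++ ? list "," : "") $0; if (n == max) emit() }
    END { emit() }
  ' "$1"
}

# Constructed sample input: 600 private /24s standing in for a country list.
sample_cidrs() {
  awk 'BEGIN { for (i = 0; i < 600; i++) printf "10.%d.%d.0/24\n", int(i / 256), i % 256 }'
}
```

Redirect the output to a file, review it, and only then run it with `sh`; a list of about 7000 ranges produces 28 rules.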