implementing-gcp-vpc-firewall-rules

Featured

Implementing and auditing GCP VPC firewall rules to enforce network segmentation, restrict ingress and egress traffic, apply hierarchical firewall policies across the organization, and monitor firewall rule effectiveness using VPC Flow Logs.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0


Quality Score: 99/100

Component      Weight   Score
Stars          20%      100
Recency        20%      100
Frontmatter    20%      70
Documentation  15%      100
Issue Health   10%      50
License        10%      100
Description    5%       100

Skill Content

# Implementing GCP VPC Firewall Rules

## When to Use

- When deploying new GCP workloads that require network-level access controls
- When auditing existing firewall configurations for overly permissive rules
- When implementing zero trust network segmentation within GCP VPC networks
- When responding to Security Command Center findings about open firewall rules
- When building hierarchical firewall policies across a GCP organization

**Do not use** for application-layer filtering (use Cloud Armor WAF), for DNS-based filtering (use Cloud DNS response policies), or for VPN/interconnect traffic filtering without understanding that VPC firewall rules apply to traffic within the VPC.

## Prerequisites

- GCP project with Compute Engine API enabled
- IAM roles: `roles/compute.securityAdmin` for firewall management, `roles/compute.networkViewer` for auditing
- Organization Admin role for hierarchical firewall policies
- gcloud CLI authenticated with appropriate permissions
- VPC Flow Logs enabled on target subnets for monitoring

## Workflow

### Step 1: Audit Existing Firewall Rules for Security Gaps

Enumerate all firewall rules and identify overly permissive configurations.

```bash
# List all firewall rules in the project
gcloud compute firewall-rules list \
  --format="table(name, network, direction, priority, allowed[].map().firewall_rule().list():label=ALLOWED, sourceRanges, targetTags)"

# Find rules allowing all traffic from 0.0.0.0/0
gcloud compute firewall-rules list \
  ...
```
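The audit step above lists rules and asks the reader to spot the permissive ones by eye. The following script is an added example, not part of the skill or the mukul975 repository: it takes the JSON that `gcloud compute firewall-rules list --format=json` emits (field names `sourceRanges`, `destinationRanges`, `allowed`, `denied`, `targetTags`, `targetServiceAccounts`, `disabled` are the Compute API's; the rule names, CIDRs and tags in the embedded sample are constructed) and flags the same gaps Step 1 targets: allow-rules open to 0.0.0.0/0 for every protocol or port, SSH/RDP reachable from the internet, unrestricted egress, and rules with no target tags or service accounts, which apply to every instance in the network. Deny rules and disabled rules are skipped because they create no exposure.

```python
"""Flag overly permissive GCP VPC firewall rules from gcloud JSON output.

Run `gcloud compute firewall-rules list --format=json > rules.json` and pass
the file contents to audit(); the sample below is constructed so the script
also runs offline.
"""
import ipaddress
import json

# Constructed sample shaped like `gcloud compute firewall-rules list --format=json`
# (field names are the Compute API's; rule names, ranges and tags are invented).
SAMPLE_RULES_JSON = """[
  {"name": "allow-all-from-internet", "direction": "INGRESS", "priority": 1000,
   "disabled": false, "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "all"}]},
  {"name": "allow-ssh-from-internet", "direction": "INGRESS", "priority": 1000,
   "disabled": false, "sourceRanges": ["0.0.0.0/0"], "targetTags": ["bastion"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
  {"name": "allow-https-web", "direction": "INGRESS", "priority": 1000,
   "disabled": false, "sourceRanges": ["0.0.0.0/0"], "targetTags": ["web"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
  {"name": "allow-internal-db", "direction": "INGRESS", "priority": 900,
   "disabled": false, "sourceRanges": ["10.0.0.0/8"], "targetTags": ["db"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["5432"]}]},
  {"name": "allow-rdp-old", "direction": "INGRESS", "priority": 1000,
   "disabled": true, "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
  {"name": "deny-all-egress", "direction": "EGRESS", "priority": 65534,
   "disabled": false, "destinationRanges": ["0.0.0.0/0"],
   "denied": [{"IPProtocol": "all"}]},
  {"name": "allow-all-egress", "direction": "EGRESS", "priority": 1000,
   "disabled": false, "destinationRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "all"}]}
]"""

# Remote-administration ports that should never be reachable from the whole internet.
ADMIN_PORTS = {22: "ssh", 3389: "rdp"}


def _port_ranges(ports):
    """Turn gcloud port strings ("22", "8000-8080") into (low, high) int tuples."""
    ranges = []
    for spec in ports:
        low, _, high = spec.partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges


def _covers_internet(cidrs):
    """True if any CIDR is 0.0.0.0/0 or ::/0 (prefix length zero)."""
    return any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs)


def rule_findings(rule):
    """Return the list of problems found in one rule; empty means nothing flagged."""
    findings = []
    # Disabled rules and deny rules do not create exposure, so they are skipped.
    if rule.get("disabled") or "allowed" not in rule:
        return findings
    egress = rule.get("direction", "INGRESS") == "EGRESS"
    peer_ranges = rule.get("destinationRanges" if egress else "sourceRanges", [])
    open_world = _covers_internet(peer_ranges)
    broad = False  # set when the rule permits every protocol or every tcp/udp port
    for entry in rule["allowed"]:
        proto = entry.get("IPProtocol")
        ports = entry.get("ports")
        if proto == "all":
            broad = True
            findings.append("allows every protocol")
            continue
        if proto not in ("tcp", "udp"):
            continue
        # No "ports" key means the whole port range for that protocol.
        ranges = _port_ranges(ports) if ports else [(1, 65535)]
        if (1, 65535) in ranges:
            broad = True
            findings.append(f"allows every {proto} port")
        if proto == "tcp" and open_world and not egress:
            for low, high in ranges:
                for port, service in ADMIN_PORTS.items():
                    if low <= port <= high:
                        findings.append(f"{service} (tcp/{port}) reachable from 0.0.0.0/0")
    if open_world and broad:
        findings.append("unrestricted egress to 0.0.0.0/0" if egress
                        else "all traffic from 0.0.0.0/0")
    if not (rule.get("targetTags") or rule.get("targetServiceAccounts")):
        findings.append("no target tags or service accounts: applies to every instance")
    return findings


def audit(rules_json):
    """Map each rule name to its findings, keeping only rules that have any."""
    report = {}
    for rule in json.loads(rules_json):
        problems = rule_findings(rule)
        if problems:
            report[rule["name"]] = problems
    return report


if __name__ == "__main__":
    for name, problems in audit(SAMPLE_RULES_JSON).items():
        print(f"{name}:")
        for problem in problems:
            print(f"  - {problem}")
```

On the constructed sample the script flags `allow-all-from-internet`, `allow-ssh-from-internet` and `allow-all-egress` and stays silent on the tagged HTTPS rule, the internal database rule, the disabled RDP rule and the deny rule. A 0.0.0.0/0 source on a narrowly scoped, tagged web rule is deliberately not reported on its own, so the output stays focused on the rules that actually widen the attack surface; the same checks run unchanged against real `gcloud` output.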

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0

Similar Skills

Semantically similar based on skill content — not just same category

configuring-pfsense-firewall-rules (AI & Automation, Featured)
Configures pfSense firewall rules, NAT policies, VPN tunnels, and traffic shaping to enforce network segmentation, control traffic flow, and protect internal network zones in enterprise and small-to-medium business environments.
12,642 stars, updated today, by mukul975

implementing-network-segmentation-with-firewall-zones (AI & Automation, Featured)
Design and implement network segmentation using firewall security zones, VLANs, ACLs, and microsegmentation policies to restrict lateral movement and enforce least-privilege network access.
12,642 stars, updated today, by mukul975

configuring-firewalls (Web & Frontend, Listed)
Configure host-based firewalls (iptables, nftables, UFW) and cloud security groups (AWS, GCP, Azure) with practical rules for common scenarios like web servers, databases, and bastion hosts. Use when exposing services, hardening servers, or implementing network segmentation with defense-in-depth strategies.
368 stars, updated 5 months ago, by ancoleman

implementing-gcp-organization-policy-constraints (AI & Automation, Featured)
Implement GCP Organization Policy constraints to enforce security guardrails across the entire resource hierarchy, restricting risky configurations and ensuring compliance at organization, folder, and project levels.
12,642 stars, updated today, by mukul975

gcp-security-scanner (AI & Automation, Solid)
GCP security configuration scanning and hardening using Security Command Center, Forseti, and ScoutSuite
1,034 stars, updated today, by a5c-ai