Firewall rule components (target, source, protocol) in GCP - Cheat Sheet & Quick Revision

Recall & Review
beginner
What is the target in a firewall rule?
The target specifies which resources (like virtual machines) the firewall rule applies to. It acts like choosing which doors the rule controls.
beginner
What does the source mean in a firewall rule?
The source defines where the network traffic comes from, such as specific IP addresses or ranges. Think of it as the visitor's address trying to enter.
beginner
Why is the protocol important in a firewall rule?
The protocol tells the firewall which type of network traffic to allow or block, like TCP or UDP. It's like choosing which kind of mail (letters, packages) to accept.
intermediate
How do source and target work together in a firewall rule?
The source defines who is trying to connect, and the target defines who can be connected to. Together, they control who can talk to whom.
intermediate
What happens if you don't specify a protocol in a GCP firewall rule?
If no protocol is specified, the rule won't know which traffic to allow or block, so it won't work properly. Always specify the protocol to make the rule effective.
In a GCP firewall rule, what does the target specify?
A. The resources the rule applies to
B. The firewall's priority
C. The network protocol used
D. The source IP addresses allowed

What does the source field in a firewall rule represent?
A. The destination IP addresses
B. The protocol type
C. The firewall rule name
D. Where the traffic originates from

Which protocol is NOT commonly specified in firewall rules?
A. TCP
B. UDP
C. HTTP
D. ICMP

If a firewall rule has no target specified, what happens?
A. It applies to all resources
B. It applies to no resources
C. It blocks all traffic
D. It only allows traffic from the source

Why must you specify a protocol in a firewall rule?
A. To set the firewall's priority
B. To identify the traffic type to allow or block
C. To define the source IP
D. To name the firewall rule

Explain the roles of target, source, and protocol in a GCP firewall rule.
Think about who is talking, who is listening, and what language they use.
    Describe what happens if you omit the protocol in a firewall rule.
    Imagine trying to filter mail without knowing if it's letters or packages.

      Practice

      1. What does the source component specify in a GCP firewall rule?
      easy
      A. The type of communication protocol allowed
      B. The machines that the rule applies to
      C. The IP addresses or ranges where traffic originates
      D. The priority of the firewall rule

      Solution

      1. Step 1: Understand the role of source in firewall rules

        The source defines where the incoming traffic comes from, such as specific IP addresses or ranges.
      2. Step 2: Differentiate source from target and protocol

        The target specifies which machines are affected, and protocol defines the communication type, so source is about origin.
      3. Final Answer:

        The IP addresses or ranges where traffic originates -> Option C
      4. Quick Check:

        Source = traffic origin [OK]
      Hint: Source means where traffic comes from [OK]
      Common Mistakes:
      • Confusing source with target machines
      • Mixing source with protocol type
      • Thinking source is about rule priority
      2. Which of the following is the correct way to specify a protocol in a GCP firewall rule?
      easy
      A. "tcp"
      B. tcp
      C. protocol: tcp
      D. "protocol:tcp"

      Solution

      1. Step 1: Review GCP firewall rule syntax for protocol

        Protocols are specified as strings, so they must be enclosed in quotes like "tcp" or "udp".
      2. Step 2: Identify correct syntax among options

        "tcp" uses quotes correctly. tcp lacks quotes; protocol: tcp and "protocol:tcp" include extra text or use the wrong format.
      3. Final Answer:

        "tcp" -> Option A
      4. Quick Check:

        Protocol strings need quotes [OK]
      Hint: Protocol names must be in quotes [OK]
      Common Mistakes:
      • Omitting quotes around protocol
      • Adding extra text inside protocol string
      • Using incorrect syntax like key:value inside quotes
      3. Given this firewall rule snippet:
      {"sourceRanges": ["192.168.1.0/24"], "targetTags": ["web-server"], "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]}

      Which machines will this rule apply to?
      medium
      A. Machines tagged with "web-server"
      B. All machines in the network
      C. Machines with IP in 192.168.1.0/24
      D. Machines allowing TCP on port 80

      Solution

      1. Step 1: Identify the target component in the rule

        The rule uses "targetTags": ["web-server"], meaning it applies only to machines tagged "web-server".
      2. Step 2: Understand sourceRanges and allowed fields

        sourceRanges limits the traffic origin; allowed defines the protocol and ports. targetTags defines which machines are affected.
      3. Final Answer:

        Machines tagged with "web-server" -> Option A
      4. Quick Check:

        targetTags = affected machines [OK]
      Hint: targetTags specifies the affected machines [OK]
      Common Mistakes:
      • Confusing sourceRanges with target machines
      • Thinking sourceRanges limits target machines
      • Assuming all machines are affected
      4. You wrote this firewall rule:
      {"sourceRanges": ["10.0.0.0/16"], "targetTags": ["db-server"], "allowed": [{"IPProtocol": tcp, "ports": ["5432"]}]}

      Why does this rule fail to deploy?
      medium
      A. Incorrect sourceRanges format
      B. Ports must be numbers, not strings
      C. targetTags must be IP addresses
      D. Missing quotes around protocol name "tcp"

      Solution

      1. Step 1: Check the protocol field syntax

        The protocol name "tcp" must be a string enclosed in quotes. Here, tcp is unquoted, causing a syntax error.
      2. Step 2: Verify other fields

        sourceRanges format is correct, targetTags accept tags, ports can be strings representing port numbers.
      3. Final Answer:

        Missing quotes around protocol name "tcp" -> Option D
      4. Quick Check:

        Protocol names need quotes [OK]
      Hint: Always quote protocol names like "tcp" [OK]
      Common Mistakes:
      • Leaving protocol unquoted
      • Confusing tags with IP addresses
      • Using numeric ports without quotes (allowed but inconsistent)
      5. You want to allow HTTP traffic only from the IP range 203.0.113.0/24 to all VMs tagged "frontend" using TCP port 80. Which firewall rule configuration is correct?
      hard
      A. {"sourceRanges": ["203.0.113.0/24"], "targetTags": ["frontend"], "allowed": [{"IPProtocol": "tcp"}]}
      B. {"sourceRanges": ["203.0.113.0/24"], "targetTags": ["frontend"], "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]}
      C. {"sourceRanges": ["203.0.113.0/24"], "targetTags": ["backend"], "allowed": [{"IPProtocol": "udp", "ports": ["80"]}]}
      D. {"sourceRanges": ["0.0.0.0/0"], "targetTags": ["frontend"], "allowed": [{"IPProtocol": "tcp", "ports": [80]}]}

      Solution

      1. Step 1: Match sourceRanges to the required IP range

        The correct sourceRanges ["203.0.113.0/24"] matches the requirement, eliminating configurations using ["0.0.0.0/0"].
      2. Step 2: Check targetTags and allowed protocol/ports

        {"sourceRanges": ["203.0.113.0/24"], "targetTags": ["frontend"], "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]} targets "frontend" and allows TCP on port "80" as strings, which is correct. {"sourceRanges": ["203.0.113.0/24"], "targetTags": ["frontend"], "allowed": [{"IPProtocol": "tcp"}]} lacks ports, so it is incomplete.
      3. Step 3: Verify other options

        {"sourceRanges": ["0.0.0.0/0"], "targetTags": ["frontend"], "allowed": [{"IPProtocol": "tcp", "ports": [80]}]} allows all IPs (0.0.0.0/0), so the source is not restricted. {"sourceRanges": ["203.0.113.0/24"], "targetTags": ["backend"], "allowed": [{"IPProtocol": "udp", "ports": ["80"]}]} targets "backend" and uses UDP, both of which are incorrect.
      4. Final Answer:

        {"sourceRanges": ["203.0.113.0/24"], "targetTags": ["frontend"], "allowed": [{"IPProtocol": "tcp", "ports": ["80"]}]} -> Option B
      5. Quick Check:

        Correct source, target, protocol, and port [OK]
      Hint: Match source, target tag, protocol, and port exactly [OK]
      Common Mistakes:
      • Using wrong IP range or all IPs
      • Targeting wrong VM tags
      • Missing ports in allowed protocols
      • Using wrong protocol like UDP for HTTP