GCP · Cloud · ~10 mins

Firewall rules concept in GCP - Step-by-Step Execution

Process Flow - Firewall rules concept
Start: Incoming/Outgoing Traffic
  -> Check Firewall Rules List
  -> Match Traffic to Rule?
       No  -> Allow or Deny by Default
       Yes -> Apply Rule Action (Allow/Deny)
  -> Traffic Allowed or Blocked
Traffic tries to enter or leave a network. Firewall rules are checked one by one. If the traffic matches a rule, that rule's action (allow or deny) is applied. If no rule matches, the default action applies.
Execution Sample
1. Traffic arrives
2. Check rule: allow tcp port 80
3. Traffic matches rule?
4. If yes, allow traffic
5. Else, deny traffic
This sequence shows how incoming traffic is checked against firewall rules and allowed or denied.
Process Table
| Step | Traffic Type | Rule Checked           | Match? | Action Taken    | Result            |
|------|--------------|------------------------|--------|-----------------|-------------------|
| 1    | TCP port 80  | Allow TCP port 80      | Yes    | Allow           | Traffic allowed   |
| 2    | TCP port 22  | Allow TCP port 80      | No     | Check next rule | Continue checking |
| 3    | TCP port 22  | Deny all other traffic | Yes    | Deny            | Traffic denied    |
| 4    | UDP port 53  | Allow TCP port 80      | No     | Check next rule | Continue checking |
| 5    | UDP port 53  | Deny all other traffic | Yes    | Deny            | Traffic denied    |
| 6    | ICMP         | Allow TCP port 80      | No     | Check next rule | Continue checking |
| 7    | ICMP         | Deny all other traffic | Yes    | Deny            | Traffic denied    |
| 8    | TCP port 443 | Allow TCP port 80      | No     | Check next rule | Continue checking |
| 9    | TCP port 443 | Deny all other traffic | Yes    | Deny            | Traffic denied    |
| 10   | TCP port 80  | Allow TCP port 80      | Yes    | Allow           | Traffic allowed   |
💡 Traffic is allowed or denied once a matching rule is found; if no match, default deny applies.
Status Tracker
| Traffic      | Rule Checked           | Match Result | Action Taken    |
|--------------|------------------------|--------------|-----------------|
| TCP port 80  | Allow TCP port 80      | Yes          | Allow           |
| TCP port 22  | Allow TCP port 80      | No           | Check next rule |
| TCP port 22  | Deny all other traffic | Yes          | Deny            |
| UDP port 53  | Allow TCP port 80      | No           | Check next rule |
| UDP port 53  | Deny all other traffic | Yes          | Deny            |
| ICMP         | Allow TCP port 80      | No           | Check next rule |
| ICMP         | Deny all other traffic | Yes          | Deny            |
| TCP port 443 | Allow TCP port 80      | No           | Check next rule |
| TCP port 443 | Deny all other traffic | Yes          | Deny            |
| TCP port 80  | Allow TCP port 80      | Yes          | Allow           |
Key Moments - 3 Insights
Why does traffic stop checking rules after the first match?
Firewall rules are evaluated in order. Once a rule matches the traffic, its action is applied immediately and no further rules are checked. See steps 1 and 3 of the Process Table.
What happens if no firewall rule matches the traffic?
If no rule matches, the default action applies, which is usually to deny the traffic. The Process Table shows this: traffic that matches no specific rule falls through to the 'Deny all other traffic' rule.
Can a firewall rule allow some traffic and deny other traffic?
Each rule either allows or denies traffic that meets its conditions. To allow some traffic and deny the rest, multiple rules are needed. The Process Table shows separate rules for allowing port 80 and denying everything else.
Visual Quiz - 3 Questions
Test your understanding
Looking at the Process Table, what action is taken for TCP port 22 traffic at step 3?
A. Allow
B. Deny
C. Check next rule
D. No action
💡 Hint
Check the 'Action Taken' column at step 3 of the Process Table.
At which step does UDP port 53 traffic get denied?
A. Step 4
B. Step 6
C. Step 5
D. Step 7
💡 Hint
Look for UDP port 53 in the Process Table and find where 'Deny' is applied.
If the 'Allow TCP port 80' rule were removed, what would happen to TCP port 80 traffic?
A. It would be denied by the 'Deny all other traffic' rule
B. It would be allowed by default
C. It would be allowed by another rule
D. It would cause an error
💡 Hint
Refer to the Status Tracker and the Process Table to see how the rules affect each kind of traffic.
Concept Snapshot
Firewall rules check network traffic in order.
Each rule matches traffic by protocol, port, or IP.
If traffic matches, rule action (allow or deny) applies immediately.
If no rule matches, default deny usually applies.
Rules are processed top-down, first match wins.
Full Transcript
Firewall rules control network traffic by checking each packet against a list of rules. Traffic arrives and is compared to each rule in order. If the traffic matches a rule's conditions, the rule's action (allow or deny) is applied immediately, and no further rules are checked. If no rule matches, the default action is to deny the traffic. This process ensures only authorized traffic passes through the network. The Process Table shows examples of traffic types checked against rules and the resulting actions. Key points: rules are evaluated in order, the first match decides the outcome, and unmatched traffic is denied by default.
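The evaluation described in the transcript and the Execution Sample, as an added example that is not part of the original page and not GCP's own code. It models a rule as (protocol, ports, action, priority) and a packet as (protocol, port), walks the rules in order, stops at the first match, and falls through to a default when nothing matches. The rule list and traffic samples are constructed to mirror the Process Table. It goes slightly beyond the page in two places, both matching how GCP VPC firewalls actually behave: rules are ordered by a numeric priority (lower number first) rather than by list position, and when two rules share a priority the deny rule wins. The implied default is a parameter because GCP denies unmatched ingress but allows unmatched egress.

```python
from dataclasses import dataclass
from typing import Optional

# Added example: a small model of ordered firewall-rule evaluation.
# It is not GCP's own code; rule and packet shapes are simplified (protocol,
# port, action, priority) and the rule list below is constructed from the
# page's Process Table.


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                       # "allow" or "deny"
    protocol: Optional[str] = None    # None matches any protocol
    ports: frozenset = frozenset()    # empty set matches any port
    # GCP evaluates rules by numeric priority, lower number first; the page's
    # "top-down" list order is modelled by giving rules increasing priorities.
    priority: int = 1000


@dataclass(frozen=True)
class Packet:
    protocol: str
    port: Optional[int] = None        # ICMP carries no port


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when every condition it states holds for the packet."""
    if rule.protocol is not None and rule.protocol != pkt.protocol:
        return False
    if rule.ports and pkt.port not in rule.ports:
        return False
    return True


def evaluate(rules, pkt: Packet, default: str = "deny"):
    """First matching rule wins; return (action, rule name or None, trace).

    Rules are visited in priority order. For equal priorities GCP lets deny
    win over allow, which the sort key below reproduces. If nothing matches,
    the implied default applies: deny for ingress, allow for egress in GCP.
    """
    trace = []
    ordered = sorted(rules, key=lambda r: (r.priority, 0 if r.action == "deny" else 1))
    for rule in ordered:
        if matches(rule, pkt):
            trace.append((rule.name, "match", rule.action))
            return rule.action, rule.name, trace   # stop at the first match
        trace.append((rule.name, "no match", "check next rule"))
    trace.append(("<implied default>", "no rule matched", default))
    return default, None, trace


# Constructed rule list mirroring the page's Process Table: allow TCP port 80,
# then deny everything else (the explicit catch-all sits just above GCP's
# implied rules, which live at priority 65535).
PAGE_RULES = [
    Rule("allow-tcp-80", "allow", protocol="tcp", ports=frozenset({80}), priority=1000),
    Rule("deny-all-other", "deny", priority=65534),
]

# Constructed traffic samples from the page's table, in table order.
PAGE_TRAFFIC = {
    "TCP port 80": Packet("tcp", 80),
    "TCP port 22": Packet("tcp", 22),
    "UDP port 53": Packet("udp", 53),
    "ICMP": Packet("icmp"),
    "TCP port 443": Packet("tcp", 443),
}


def run_page_scenario(rules=PAGE_RULES):
    """Map each traffic label to the action the rule list produces."""
    return {label: evaluate(rules, pkt)[0] for label, pkt in PAGE_TRAFFIC.items()}


def without_allow_rule():
    """Quiz question 3: drop the allow rule and see what happens to TCP port 80."""
    remaining = [r for r in PAGE_RULES if r.name != "allow-tcp-80"]
    return evaluate(remaining, Packet("tcp", 80))[0]


if __name__ == "__main__":
    for label, pkt in PAGE_TRAFFIC.items():
        action, rule_name, trace = evaluate(PAGE_RULES, pkt)
        print(f"{label:13s} -> {action:5s} (by {rule_name})")
        for step in trace:
            print("    ", step)
    print("TCP port 80 with allow rule removed ->", without_allow_rule())
```

Running the module prints the same walk the Process Table shows: TCP port 80 stops at the allow rule, while TCP 22, UDP 53, ICMP and TCP 443 each fail the allow rule, continue, and are caught by the catch-all deny. `without_allow_rule()` reproduces quiz question 3: with the allow rule gone, port 80 is denied by the catch-all, not allowed by default. The `trace` returned by `evaluate` is the detail a defender wants when a packet is unexpectedly blocked or admitted, since it names the rule that decided the outcome.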