GCP: firewall rules limits


Question

If I understand correctly, then - This quota represents the number of firewall rules you can create for all VPC networks in your project. Max number of firewall rules per project: 500 (by default) You cannot increase this quota.

But in this case, I have the following question: How can I find out how much has already been used in my project? What does it depend on? How does this come about?

Recommended answer

A firewall rule is a description of what you wish to allow/deny. As you say, there is a quota on how many distinct rules you are permitted to define. However, an "application" of that rule has no quota. When a request is made to your network, the set of rules in effect is matched against that request. This is an "application" of the rules. There is no limit nor quota on how many times the rules can be applied. There is no relationship between the quota of the number of rules you can define and how often those rules are consulted at runtime.

To try and clarify further ...

Imagine you have an application running inside GCP that is listening on port 12345. By default, ALL incoming traffic into your GCP VPC network is blocked. You may create a rule that defines that TCP traffic to port 12345 is allowed. This would be an example of a single rule.

For security, you may wish to only allow SSH traffic into your compute engines coming from a specific IP range. You may define a second rule that says that TCP traffic on port 222 is allowed BUT only from a specified IP range. This would be an example of another single rule.

If these were your only rules, you would then have a total of two rules defined. You are allowed to create 500 such rules per project. This is usually far more than you will ever need.

Distinguish the number of rules you have created from attempts to access your network. Every attempt to access your network will have all these rules applied. There is no quota on the number of times rules are applied ... only on the total number of rules that you have defined.
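The question also asks how to find out how much of the quota is already used. The script below is an added example, not part of the original answer: it counts the rules defined across all VPC networks in a project and compares the count with the per-project firewall quota that Compute Engine reports. It assumes an installed and authenticated gcloud CLI, that the quota metric is named FIREWALLS, and a project id you supply as the first argument.

```shell
#!/usr/bin/env bash
# Added example: count defined firewall rules per VPC network and in total, and
# check usage against the project's FIREWALLS quota. Assumes gcloud is installed
# and authenticated; PROJECT_ID is a placeholder passed as $1.
set -euo pipefail

# One "<rule-name> <network>" line per rule. The quota is counted across every
# VPC network in the project, so nothing is filtered out here.
list_rules() {
  gcloud compute firewall-rules list --project "$1" \
    --format='value(name,network.basename())'
}

# One "<metric> <usage> <limit>" line per project quota; usage and limit are
# printed as floats (e.g. "FIREWALLS 2.0 500.0"). --flatten expands the repeated
# quotas field into one row per metric.
list_quotas() {
  gcloud compute project-info describe --project "$1" \
    --flatten='quotas[]' --format='value(quotas.metric,quotas.usage,quotas.limit)'
}

# Reads list_rules output on stdin; prints "<count> <network>" per network
# (sorted by network name) followed by "<count> TOTAL".
summarize_rules() {
  awk 'NF == 2 { print $2 }' | sort | uniq -c \
    | awk '{ print $1, $2; total += $1 } END { print total + 0, "TOTAL" }'
}

# Reads list_quotas output on stdin; prints "used/limit (pct%)" for FIREWALLS and
# exits non-zero when usage is at or above the warning threshold (default 80%).
firewall_quota_status() {
  local warn_pct="${1:-80}"
  awk -v warn="$warn_pct" '$1 == "FIREWALLS" {
         pct = ($2 * 100) / $3
         printf "%d/%d (%d%%)\n", $2, $3, pct
         exit (pct >= warn) ? 1 : 0
       }'
}

if [ "${1:-}" ]; then                      # usage: ./fw-quota.sh PROJECT_ID
  list_rules "$1" | summarize_rules
  list_quotas "$1" | firewall_quota_status \
    || echo "WARNING: firewall rule usage is near the per-project quota"
fi
```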
