Hi guys, I already use Cloudflare on two sites hosted on Google Cloud Platform and I have a little question.

After updating/changing the DNS for my domain to Cloudflare’s DNS, should I do anything else? Maybe allow some firewall rules in my GCP firewall, or something to improve the relationship between Google Cloud and Cloudflare, so they work better together?

I don’t use Google Cloud, but for my VPS, I firewall off anything that doesn’t come from Cloudflare or my Home IP address.

Yes, your VPC needs inbound rules for every CIDR range Cloudflare has on that page.


Just to add something to this, in my case I have a private GKE cluster and the nodes don’t have a public IP address. In this case you cannot prevent traffic to your load balancer with firewall rules. Those rules apply at the VM instance level: “Note that firewall rules block and allow traffic at the instance level, not at the edges of the network. They cannot prevent traffic from reaching the load balancer itself”. You can, however, use Cloud Armor to filter traffic at the balancer level (“Use these instructions to enable IP allow list/deny list for HTTP(S) Load Balancing by creating Google Cloud Armor security policies”) and allow only Cloudflare IPs to hit the balancer.
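The Cloud Armor allow list described in the last reply, sketched as an added example that is not part of the original thread: the script only prints the `gcloud` commands for review and splits the ranges into batches of 10 per rule. The policy name, backend service name, starting priority and the sample ranges are assumptions constructed for illustration; the real input is the range list Cloudflare publishes.

```shell
#!/bin/sh
# Added example: print (do not run) the gcloud commands for a Cloud Armor
# policy that admits only the listed source ranges and denies everything else.
POLICY="allow-cloudflare-only"   # hypothetical policy name
BACKEND="web-backend"            # hypothetical backend service name
MAX_PER_RULE=10                  # Cloud Armor accepts at most 10 ranges per rule
BASE_PRIORITY=1000               # hypothetical starting priority

emit_rule() {  # $1 = priority, $2 = comma-separated CIDRs
  echo "gcloud compute security-policies rules create $1 --security-policy $POLICY --src-ip-ranges $2 --action allow"
}

# Reads one CIDR per line on stdin ('#' comments allowed), prints commands.
gen_armor_rules() {
  batch=""; count=0; prio=$BASE_PRIORITY
  echo "gcloud compute security-policies create $POLICY"
  while IFS= read -r line; do
    cidr=$(printf '%s' "$line" | sed 's/#.*//' | tr -d '[:space:]')
    [ -z "$cidr" ] && continue
    case "$cidr" in
      *[!0-9a-fA-F:./]*|*/*/*) echo "skipping invalid entry: $cidr" >&2; continue ;;
      */*) ;;                                  # looks like address/prefix
      *) echo "skipping invalid entry: $cidr" >&2; continue ;;
    esac
    batch="${batch:+$batch,}$cidr"
    count=$((count + 1))
    if [ "$count" -eq "$MAX_PER_RULE" ]; then  # rule is full, start a new one
      emit_rule "$prio" "$batch"
      prio=$((prio + 1)); batch=""; count=0
    fi
  done
  if [ -n "$batch" ]; then emit_rule "$prio" "$batch"; fi
  # The default rule (lowest priority) becomes deny, so only the allow rules pass.
  echo "gcloud compute security-policies rules update 2147483647 --security-policy $POLICY --action deny-403"
  echo "gcloud compute backend-services update $BACKEND --security-policy $POLICY --global"
}

# Constructed sample input (documentation ranges, NOT Cloudflare's real list).
sample_ranges() {
  i=0
  while [ "$i" -lt 12 ]; do
    echo "203.0.113.$((i * 16))/28"
    i=$((i + 1))
  done
  echo "2001:db8::/32   # constructed IPv6 entry"
  echo "not-a-cidr"
}

sample_ranges | gen_armor_rules
```

With a default-deny policy like this, the allow rules have to be regenerated whenever Cloudflare changes its published ranges, otherwise legitimate traffic from new ranges is rejected at the balancer.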

