This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Close port 80 in external static IP

Posted on 08-12-2022 01:13 AM
huu_nv
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hello. I created a static external IP. And after created. It's not used by any load balancer, ... But when I check port open with Nmap. Port 80 is opening? How can I close port 80 in static external IP? Can you guys can help me. Here is the case

- This IP doesn't use by any service. Port 80 is open.
- Next, I use this IP in GKS ingress and open only port 443 for HTTPS. GKS ingress created a load balancer with Front End HTTPS. But when I check port 80. It's still open.

@huu_nv 

0 4 1,848
Topic Labels
0 Likes
4 REPLIES 4

Posted on --/--/---- --:-- AM
SebastianG
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

@huu_nv I assume that the IP address is attached to a VM or similar internal service that you spun up within your GCP project.

I'd say you should check first where's that IP address attached to (via tags or all subnets) and from there check the firewall rules (VPC Networks > Firewall), you may be able to lock it down from there. You can have a peek here as well: https://cloud.google.com/vpc/docs/firewalls 

0 Likes

Posted on --/--/---- --:-- AM
huu_nv
Bronze 1
Bronze 1
In response to SebastianG
Reply posted on --/--/---- --:-- AM

thank you for your response. Lets me give you more information. I created a static IP.
- This IP doesn't use by any service. Port 80 is open.
- Next, I use this IP in GKS ingress and open only port 443 for HTTPS. GKS ingress created a load balancer with Front End HTTPS. But when I check port 80. It's still open.

0 Likes

Posted on --/--/---- --:-- AM
grobledo
Staff
Reply posted on --/--/---- --:-- AM

You need to create a VPC firewall rule and allow only the port 443 for your particular IP.

0 Likes

Posted on --/--/---- --:-- AM
pfrankwicz
Bronze 4
Bronze 4
Reply posted on --/--/---- --:-- AM

Hi Huu_nv, SebastianG has some good checks.  Here are some tactical steps to get you started blocking all ingress to Port 80.  Create a firewall rule by selecting the VPC network of the GSK instance.  Firewall components: Direction: ingress; Priority: 10 for high priority [default is 1000];  Action: DENY; Status: enable; Target: the GKE cluster instance; Source filter for ingress rules: 0.0.0.0/0 (any IPv4 address); Protocol: TCP Port 80.  If IPv6 traffic is used, a IPv6 deny ingress rule should also be set up. GKE automatically creates firewall for rules for ingress at default priority 1000.  A priority setting of 10 will rule over 1000.  In any case, there are numerous warnings of high caution when modifying automatically deployed GKE firewalls rules.  I am a rank beginner in GCP, so carefully check my answer before deploying. Good luck clouding, pfrankwicz.

0 Likes
Top Labels in this Space
Top Solution Authors
View all