Network firewall rules should not permit ingress from 0.0.0.0/0 to port 22 (SSH)
If SSH is open to the internet, attackers can attempt to gain access to VM instances. Removing unfettered connectivity to remote console services, such as SSH, reduces a server’s exposure to risk.
Google Cloud Console
To update a firewall with a new source IP range:
gcloud compute firewall-rules update FIREWALL_NAME --allow=[PROTOCOL[:PORT[-PORT]],...] --source-ranges=[CIDR_RANGE,...]