Network firewall rules should not permit ingress from 0.0.0.0/0 to port 3389 (RDP)
If RDP is open to the internet, attackers can attempt to gain access to VM instances. Removing unfettered connectivity to remote console services, such as RDP, reduces a server’s exposure to risk.
Google Cloud Console
To update a firewall with a new source IP range:
gcloud compute firewall-rules update FIREWALL_NAME --allow=[PROTOCOL[:PORT[-PORT]],...] --source-ranges=[CIDR_RANGE,...]
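To find which rules need the update above, the following added example (not part of the original page or of Google's tooling) audits firewall rules in the JSON shape produced by `gcloud compute firewall-rules list --format=json`. The rule names and the sample data are constructed; flagging UDP and "all" as well as TCP is an assumption of this example.

```python
import json

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`.
SAMPLE_RULES = json.loads("""[
 {"name": "allow-rdp-any", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
 {"name": "allow-range-any", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["3000-4000"]}]},
 {"name": "allow-all-any", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "all"}]},
 {"name": "allow-rdp-office", "direction": "INGRESS", "sourceRanges": ["203.0.113.0/24"], "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]},
 {"name": "allow-https-any", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}]},
 {"name": "disabled-rdp-any", "direction": "INGRESS", "disabled": true, "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["3389"]}]}
]""")

RDP_PORT = 3389
# Protocol names and IP protocol numbers (6 = tcp, 17 = udp) that can carry RDP.
PROTOCOLS = {"tcp", "udp", "all", "6", "17"}


def covers_port(spec, port=RDP_PORT):
    """True if a port spec such as "3389" or "3000-4000" includes the port."""
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def exposes_rdp(rule):
    """True if an enabled ingress rule allows 0.0.0.0/0 to reach port 3389."""
    # Disabled rules are not enforced; direction defaults to INGRESS when absent.
    if rule.get("disabled") or rule.get("direction", "INGRESS") != "INGRESS":
        return False
    if "0.0.0.0/0" not in rule.get("sourceRanges", []):
        return False
    for entry in rule.get("allowed", []):
        if entry.get("IPProtocol", "").lower() not in PROTOCOLS:
            continue
        ports = entry.get("ports")
        # An allow entry without a ports list applies to every port.
        if not ports or any(covers_port(p) for p in ports):
            return True
    return False


def find_exposed(rules):
    """Return the names of rules that should get a narrower --source-ranges."""
    return [rule["name"] for rule in rules if exposes_rdp(rule)]


if __name__ == "__main__":
    for name in find_exposed(SAMPLE_RULES):
        print(name)
```

Each name it reports is a candidate FIREWALL_NAME for the update command above, with --source-ranges set to the specific CIDR ranges that need RDP access.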