3

I'm looking to apply the firewall rules set under the "Networking" section of the Google Cloud Platform Developers Console to my App Engine instance(s) set up under the "Compute -> App Engine" section.

Currently, I only have 2 rules for the "default" network: one for internal use (10.240.0.0/16) and one for external (18.0.0.0/8), with the latter allowing only specific TCP ports (22, 80, 443). However, when I run my application (which by default is hosted on the *.appspot.com domain), I can successfully access it from anywhere in the world and not just on the external network defined by the second rule.

My question is, do firewall rules apply only to Compute Engine and are simply ignored by App Engine (despite them being seemingly defined for the entire project: "Networks and firewalls are global resources and are available to all resources in a project."), or do I have to configure something differently to achieve this goal?

For the curious, I'm interested in a kernel-space firewall (configured through the dev console) as opposed to, e.g., filtering by IP in my application code (which can also be done, but provides less security in my opinion). Filtering by IP is only intended to enhance security, while actual authentication will still be done through industry-standard protocols.

1 Answer

2

This functionality seems to be available for Managed VMs only, as they use Compute Engine explicitly and the networking section applies to it.
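The application-level IP filtering that the question mentions as the alternative, sketched as WSGI middleware using the question's two ranges. This is an added example, not code from the question or the answer; it assumes the platform sets `REMOTE_ADDR` to the real client address, and `IPAllowlistMiddleware`, `demo_app` and `status_for` are hypothetical names.

```python
import ipaddress

# CIDR ranges taken from the two firewall rules described in the question.
ALLOWED_NETWORKS = [
    ipaddress.ip_network("10.240.0.0/16"),  # internal rule
    ipaddress.ip_network("18.0.0.0/8"),     # external rule
]


def is_allowed(remote_addr, networks=ALLOWED_NETWORKS):
    """Return True only if remote_addr parses and lies inside an allowed network."""
    try:
        addr = ipaddress.ip_address((remote_addr or "").strip())
    except ValueError:
        return False  # fail closed on missing or malformed addresses
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the embedded IPv4 address.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return any(addr.version == net.version and addr in net for net in networks)


class IPAllowlistMiddleware:
    """Hypothetical WSGI middleware: 403 for any source outside the allowlist."""

    def __init__(self, app, networks=ALLOWED_NETWORKS):
        self.app = app
        self.networks = networks

    def __call__(self, environ, start_response):
        # Assumption: REMOTE_ADDR holds the real client address on this platform.
        if not is_allowed(environ.get("REMOTE_ADDR"), self.networks):
            body = b"Forbidden\n"
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [body]
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Constructed stand-in for the real application."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]


def status_for(remote_addr):
    """Send one constructed request through the middleware; return the status line."""
    seen = []
    app = IPAllowlistMiddleware(demo_app)
    app({"REMOTE_ADDR": remote_addr}, lambda status, headers: seen.append(status))
    return seen[0]
```

Unlike a network-level rule, this check runs after the request has already reached the application, and it does not restrict ports.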
