I'm setting up an application with an ingress on GKE and want to close TCP/UDP ports. How should I close them, other than through GCE firewall settings?
With port scanning by a third party, I found that some ports are open and that there might be security vulnerabilities in them.
As for some of the ports, they are used by the TCP/UDP load balancer, according to an official GCP site. [1]
Now I'm using an HTTPS load balancer and have not configured any other settings that open ports. I think that a global load balancer is the front-most component and that a firewall setting is effective on any backends behind the load balancer.
As a trial, I set a firewall rule that forbids all ingress connections with the highest priority; however, it had no effect.
List of target ports:
TCP open ports: 25,43,110,143,195,465,587,700,993,995,1883,3389,5222,5432,5671,5672,5900,5901,6379,8080,8085,8099,9092,9200,9300
UDP open port: 443
Using nmap and a connection check in PowerShell, both showed the same result.
All ports described above remain open.
PS C:\Users\L> $tc = New-Object System.Net.Sockets.tcpClient
PS C:\Users\L> $tc.connect("target-doamin", 25)
PS C:\Users\L> $tc.connected
True
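The PowerShell check above tests one port at a time with a full TCP connect. The following is an added example (not the poster's code) that does the same check over the whole list the scanner reported: it parses the "tcp open port:... udp open port:..." summary, runs a timed TCP connect against each port, and exercises itself against a constructed loopback listener so it runs offline. The "target-domain" hostname is a placeholder assumption. UDP is parsed but not probed, because a connect test cannot confirm that a UDP port is open.

```python
import socket
from typing import Dict, List, Tuple

# Constructed input: the scanner summary as the question lists it.
SCAN_SUMMARY = (
    "tcp open port:25,43,110,143,195,465,587,700,993,995,1883,3389,5222,5432,"
    "5671,5672,5900,5901,6379,8080,8085,8099,9092,9200,9300 udp open port:443"
)


def parse_port_list(summary: str) -> Dict[str, List[int]]:
    """Parse '<proto> open port:a,b,c ...' into {'tcp': [...], 'udp': [...]}."""
    result: Dict[str, List[int]] = {"tcp": [], "udp": []}
    tokens = summary.split()
    for i, tok in enumerate(tokens):
        if tok.startswith("port:"):
            proto = tokens[i - 2].lower()  # the protocol word sits two tokens earlier
            ports = [int(p) for p in tok[len("port:"):].split(",") if p]
            result.setdefault(proto, []).extend(ports)
    return result


def tcp_port_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """Full TCP handshake check: the same test as TcpClient.connect() in PowerShell.

    True means something at that address completed the handshake; it says nothing
    about which component (load balancer or backend) answered.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except (OSError, socket.timeout):
        return False


def check_tcp_ports(host: str, ports: List[int], timeout: float = 2.0) -> Dict[int, bool]:
    """Map each port to whether a TCP connect to host succeeded."""
    return {p: tcp_port_open(host, p, timeout) for p in ports}


def start_local_listener() -> Tuple[socket.socket, int]:
    """Constructed stand-in for an exposed service: a listener on a free loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    parsed = parse_port_list(SCAN_SUMMARY)
    print("tcp ports reported open:", parsed["tcp"])
    print("udp ports reported open (not probed):", parsed["udp"])

    # Offline demonstration: a listening loopback port reports open, and the same
    # port reports closed once the listener is gone.
    srv, port = start_local_listener()
    print("loopback listener", port, "open:", tcp_port_open("127.0.0.1", port))
    srv.close()
    print("loopback listener", port, "after close:", tcp_port_open("127.0.0.1", port))

    # Against the real endpoint (placeholder hostname, assumption):
    # for p, is_open in check_tcp_ports("target-domain", parsed["tcp"]).items():
    #     print(p, "open" if is_open else "closed")
```

Reading the result the way the answer below frames it: a True from this check only tells you that the address you scanned completed the handshake, so a rule that filters traffic at the instance level will not change the outcome when the address belongs to the load balancer.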
According to the documentation, firewall rules are applied at the instance level. Therefore, they cannot prevent traffic from reaching the load balancer itself.
As a workaround, I suggest defining network tags and targeting them with the firewall rules.