Today I experienced very unusual behavior from Google AppEngine's firewall. I have an app running inside a GKE pod and another one running inside AppEngine. I need my pod to be able to access AppEngine. If I do a curl from the pod like this, curl ifconfig.co, I see 35...* By the way, if I try to curl ipinfo.io/ip, the answer is 0.0.0.0.
Now I'm trying to permit those IP addresses in AppEngine's firewall, but nothing happens. (The 10.0.0.0/8 network is also permitted; the default rule is set to prohibited.)
After that I tried to permit all traffic to AppEngine and determine which IP is visible to it. Here's what I get:
protoPayload: {
@type: "type.googleapis.com/google.appengine.logging.v1.RequestLog"
appEngineRelease: "1.9.71"
appId: "redacted"
cost: 2.3245e-8
endTime: "2019-12-06T13:50:49.895089Z"
finished: true
first: true
host: "redacted.appspot.com"
httpVersion: "HTTP/1.1"
instanceId: "redacted-id"
instanceIndex: -1
ip: "0.0.0.0"
latency: "14.364944s"
The IP is 0.0.0.0. If I permit 0.0.0.0 in the firewall, AppEngine gets accessible for the pod but not for the rest of the world. Is that expected behavior?
When the firewall rule is set for 0.0.0.0 it only allows that IP, and 0.0.0.0/0 is the whole internet.
So if the firewall rule you set was only for 0.0.0.0, it is expected behavior.
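The difference between the two source ranges in the answer above, as an added example that is not part of the original posts: a simplified model of priority-ordered allow/deny rules, not App Engine's own implementation. The priorities 100 and 200 and the client addresses 10.1.2.3 and 203.0.113.7 are constructed for illustration.

```python
import ipaddress

# Simplified model of priority-ordered allow/deny rules (lowest number wins).
# Priorities 100/200 and the sample client addresses are constructed.
DEFAULT_DENY = (2147483647, "deny", "*")

SINGLE_HOST_RULES = [
    (100, "allow", "10.0.0.0/8"),
    (200, "allow", "0.0.0.0"),      # one address only, same as 0.0.0.0/32
    DEFAULT_DENY,
]
WHOLE_INTERNET_RULES = [
    (100, "allow", "10.0.0.0/8"),
    (200, "allow", "0.0.0.0/0"),    # every IPv4 address
    DEFAULT_DENY,
]


def covered_addresses(source_range):
    """Number of addresses a source range matches."""
    return ipaddress.ip_network(source_range, strict=False).num_addresses


def evaluate(rules, client_ip):
    """Return the action of the first rule, in priority order, that matches."""
    ip = ipaddress.ip_address(client_ip)
    for _priority, action, source in sorted(rules, key=lambda r: r[0]):
        if source == "*":
            return action
        net = ipaddress.ip_network(source, strict=False)
        if ip.version == net.version and ip in net:
            return action
    return "deny"


if __name__ == "__main__":
    for label, rules in (("0.0.0.0", SINGLE_HOST_RULES),
                         ("0.0.0.0/0", WHOLE_INTERNET_RULES)):
        for client in ("0.0.0.0", "10.1.2.3", "203.0.113.7"):
            print(f"rule {label:<10} client {client:<12} -> {evaluate(rules, client)}")
```

With the single-address rule, only a request logged with the source 0.0.0.0 (as the pod's request was) or one from 10.0.0.0/8 is allowed; any other public address falls through to the default deny.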