Hello Paul,
No one will be locally connected to the server; it will always be outside. SIP / RTP for messages plus media. Interesting you write iptables. 3 months ago iptables was not allowed on Google Cloud Instance, and two days ago I saw it install after updating the server. I sent a support email and received the following:
I asked a similar question in December 2017.
A decision was made to not use iptables for the CentOS 7 Instance and configured Ingress/Egress within GCP.
Within the last five (5) months instances were created and deleted on purpose for testing, but a week ago, in creating a CentOS 7 Server Instance and running yum -y update, there was no installation of iptables. In December 2017 the package did not exist for the CentOS 7 image on GCP and decided to install it separately before finally just using the Firewall feature within GCP.
Yesterday I noticed the image date of CentOS 7 Server was 2.27.2018 but this time iptables appeared in the list of packages from running the command.
yum -y update

Installed:
  kernel.x86_64 0:3.10.0-693.21.1.el7

Updated:
  google-cloud-sdk.noarch 0:192.0.0-1.el7
  iptables.x86_64 0:1.4.21-18.3.el7_4
  kernel-tools.x86_64 0:3.10.0-693.21.1.el7
  kernel-tools-libs.x86_64 0:3.10.0-693.21.1.el7
  libgcc.x86_64 0:4.8.5-16.el7_4.2
  libgomp.x86_64 0:4.8.5-16.el7_4.2
  libstdc++.x86_64 0:4.8.5-16.el7_4.2
  libteam.x86_64 0:1.25-6.el7_4.3
  python-perf.x86_64 0:3.10.0-693.21.1.el7
  selinux-policy.noarch 0:3.13.1-166.el7_4.9
  selinux-policy-targeted.noarch 0:3.13.1-166.el7_4.9
  systemd.x86_64 0:219-42.el7_4.10
  systemd-libs.x86_64 0:219-42.el7_4.10
  systemd-sysv.x86_64 0:219-42.el7_4.10
  teamd.x86_64 0:1.25-6.el7_4.3

I will read the information from the sent link about iptables and nat gateway. Yes, the focus is security in and out of the instance.
I will do as suggested and update this ticket shortly.
Ed
This worked this morning on an Instance created in December 2017; on the one I created on March 13, 2018 it is not working. Will update 🤘
https://youtu.be/J8H2leO-0nk