3

I am building a Google Home application with DialogFlow. Fulfillment is done via Webhook that points to my virtual machine
In the VM the 443 port is open and certificates are configured.
However now I would like to change the VM firewall to allow only the google server IP addresses/ subnets
Does anyone know where to find this list?
I´ve found the equivalent list for Alexa in: http://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html
(ip-ranges.json file)
Thanks in advance
Ester

Ester Gonzalez De Langarica
  • 420
  • 2
  • 16

3 Answers3

3

Credit to this reddit old post I found : https://www.reddit.com/r/starcitizen/comments/3lce2k/list_of_google_cloud_ip_addresses_for_firewall/

With this command you can get the list of google IPs and update the firewall accordingly

dig @8.8.8.8 +short txt _cloud-netblocks.googleusercontent.com | sed 's/"//g; s/ip4://g; s/ip6://g;' | tr ' ' '\n' | grep include | cut -d ':' -f2 | xargs dig @8.8.8.8 +short txt | sed 's/"//g; s/ip4://g; s/ip6://g;' | tr ' ' '\n' | grep '/'
Ester Gonzalez De Langarica
  • 420
  • 2
  • 16
2

For anyone that get's here in 2020, Google publishes their IP Addresses in the documentation.

  • Google publishes the complete list of IP ranges that it announces to the internet in goog.json.
  • Google also publishes a list of Google Cloud customer-usable global and regional external IP addresses ranges in cloud.json. The IP addresses used by the default domains for Google APIs and services fit within the list of ranges computed by taking away all ranges in cloud.json from those in goog.json

Reference: https://cloud.google.com/vpc/docs/configure-private-google-access#ip-addr-defaults

Julian Andrade
  • 21
  • 3
-1

This isn't a Google home question. Read the docs on your firewall whitelisting feature.

Bela Vizy
  • 1,098
  • 6
  • 19
  • 1
    How can I whitelist the IP address of the google servers in my firewall if I dont know them? The fullfilment of the actions is implemented in a virtual machine. I dont want to have its firewall open to the whole internet but only the required ones from google. I did the equivalent thing for the alexa skill. – Ester Gonzalez De Langarica Jul 10 '19 at 05:18
  • Look at the firewall logs. Again this has nothing to do with Google. You can ask Google, but I would be surprised if they guarantee IPs, maybe a broad range from their cloud. – Bela Vizy Jul 10 '19 at 14:22
  • Here are two examples from DialogFlow: google-proxy-64-233-172-46.google.com and google-proxy-64-233-172-49.google.com (64.233.172.46 and 64.233.172.49). – Bela Vizy Jul 10 '19 at 14:33
  • Thanks but why do you keep saying it has nothing to do with google? The request comes from their servers. I can check the log but those IP addresses may change over time. Amazon publishes the range of ip addresses the request come from. https://docs.aws.amazon.com/general/latest/gr/aws-ip-ranges.html – Ester Gonzalez De Langarica Jul 11 '19 at 10:57
  • Apparently someone asked the same question and it was answered by Google support but not available now.. https://productforums.google.com/forum/?hl=sv&visit_id=636721483063238456-1185117771&rd=2#!topic/dialogflow/5Q6MfTYZUG0;context-place=forum/dialogflow – Ester Gonzalez De Langarica Jul 11 '19 at 10:59
  • OK. I think I didn't pay attention to you question. Yes, Google can give you a range. But unfortunately I don't know where it is. Sorry for the misunderstanding. My bad. – Bela Vizy Jul 11 '19 at 21:53
  • Many thanks anyway. I will need to open the firewall to all IPs I guess.... – Ester Gonzalez De Langarica Jul 12 '19 at 07:23
  • I have found this, maybe helpful for others, I havent tested it yet https://www.reddit.com/r/starcitizen/comments/3lce2k/list_of_google_cloud_ip_addresses_for_firewall/ – Ester Gonzalez De Langarica Jul 12 '19 at 11:32