Lu Xin

Reputation: 35

Terraform/GCP, how to create a firewall rule to deny all traffic without specifying IP ranges?

I am using Terraform to create egress firewall rules in GCP. I want to create one rule to deny all ports. It can be done by specifying the protocol and port ranges. But since I want to deny all protocols and ports, is there a way to set "all" instead?

deny = [
  {
    protocol = "tcp"
    ports    = ["0-65535"]
  },
  {
    protocol = "udp"
    ports    = ["0-65535"]
  },
]

Upvotes: 0

Views: 1909

Answers (2)

Lu Xin

Reputation: 35

Change to:

deny = [
  {
    protocol = "all"
    ports    = []
  },
]

It will work.

Upvotes: 0

Chris Doyle

Reputation: 11968

You don't specify what resource type you are using, and I am not a user of GCP but of AWS. So I am not 100% sure, but reading the docs, it seems the GCP firewall deny block suggests the deny protocol supports a value of all, and if you don't provide a port number or range it will apply to any port.

https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_firewall#nested_deny

The deny block supports:

protocol - (Required) The IP protocol to which this rule applies. The protocol type is required when creating a firewall rule. This value can either be one of the following well known protocol strings (tcp, udp, icmp, esp, ah, sctp, ipip, all), or the IP protocol number.

ports - (Optional) An optional list of ports to which this rule applies. This field is only applicable for UDP or TCP protocol. Each entry must be either an integer or a range. If not specified, this rule applies to connections through any port. Example inputs include: ["22"], ["80","443"], and ["12345-12349"].

Upvotes: 1
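A complete deny-all egress rule as both answers describe, paired with a narrower, higher-priority allow rule so that the deny acts as the default and exceptions are explicit. This is an added example, not code from either poster; the project, network, tag and destination range are placeholders, and GCP's implied rules (allow-all egress, deny-all ingress at priority 65535) are why an explicit egress deny is needed at all.

```hcl
# Added example. "example-project", "example-vpc", the tag and the
# destination range are placeholders, not values from the question.

resource "google_compute_firewall" "deny_all_egress" {
  name      = "deny-all-egress"
  project   = "example-project" # placeholder
  network   = "example-vpc"     # placeholder
  direction = "EGRESS"
  priority  = 65534 # evaluated just before the implied allow-all egress rule

  # "all" covers every IP protocol. ports is omitted: it only applies
  # to tcp/udp, and leaving it out means "any port".
  deny {
    protocol = "all"
  }

  destination_ranges = ["0.0.0.0/0"]

  # Log hits so blocked egress attempts show up in VPC firewall logs.
  log_config {
    metadata = "INCLUDE_ALL_METADATA"
  }
}

# Explicit exception: lower priority number wins, so this allow is
# evaluated before the deny above. Scoped to tagged instances and a
# narrow destination rather than 0.0.0.0/0.
resource "google_compute_firewall" "allow_https_egress" {
  name      = "allow-https-egress"
  project   = "example-project" # placeholder
  network   = "example-vpc"     # placeholder
  direction = "EGRESS"
  priority  = 1000

  allow {
    protocol = "tcp"
    ports    = ["443"]
  }

  destination_ranges = ["203.0.113.0/24"] # documentation range, placeholder
  target_tags        = ["egress-https"]   # placeholder tag
}
```

Instances without the `egress-https` tag get no egress at all under this pair, so verify the allow rules cover required traffic (package mirrors, logging endpoints) before applying the deny.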
