强制关闭 GCP 虚拟机上的端口 22

出于安全原因，我想关闭 GCP 上虚拟机的端口 22 (ssh)。目前，如果我执行命令，telnet xx.xx.xxx.xxx 22服务器会响应我：

Trying xx.xx.xxx.xxx...
Connected to xx.xx.xxx.xxx.
Escape character is '^]'.
SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5

我尝试正确配置与虚拟机联系的防火墙规则：从“default-allow-ssh”规则中的目标中删除“apply to all”，并创建一个名为“close-ssh”的规则，该规则拒绝与虚拟机的所有连接端口 22 自 0.0.0.0/4 起。

我通过命令验证配置sudo iptables -L，检查是否有任何暴露端口 22 的规则：

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (3 references)
target     prot opt source               destination         

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (3 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere       

执行命令时nmap -p 22 xx.xx.xxx.xxx，我得到以下输出：

Starting Nmap 7.80 ( https://nmap.org ) at 2023-05-10 09:56 -03
Nmap scan report for xx.xx.xxx.xxx.bc.googleusercontent.com (xx.xx.xxx.xxx)
Host is up (0.32s latency).

PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 1 IP address (1 host up) scanned in 0.67 seconds