Refining Port Forwarding Rules
By default, every port forwarding rule is set to allow ports to be forwarded for every inbound address. If you click on the "Ingress Firewall" tab, you will see a list of all rules and what addresses can access them.
To refine the rule to provide more precise granularity, add an ingress firewall rule. To do this, click on the "Add Ingress Firewall Rule" button. A new dialog box will appear.
In the "New Firewall Rule" wizard, choose the protocol and port (or port range) that you would like to allow. Also choose the range of IP addresses to which you want the rule applied. The range (or CIDR) can be all addresses (i.e., global, which is the default), just your own address, or a specified range of addresses (i.e., custom).
Click on the "Create Firewall Rule" button to finalize your choice. You will be returned to the "Ingress Rule" view and will now see the new rule that you just added.
The new rule does not replace the default rule. In the above case, even though a rule was added to allow TCP 22 only from 126.96.36.199/32, the default rule still would allow access from any address.
If your intent is to have more granular rules, delete any rules that may conflict by clicking on the on the far right of their line.