0
votes

If I understand correctly, then: this quota represents the number of firewall rules you can create for all VPC networks in your project. Max number of firewall rules per project: 500 (by default). You cannot increase this quota.

But in this case, I have the following question: How can I find out how much has already been used in my project? What does it depend on? How does this come about?

2
Quotas are per project. - Travis Webb

2 Answers

1
votes

A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. These rules are called firewall rules. In GCP, firewall rules let you allow or deny traffic to and from your virtual machine (VM) instances based on a configuration you specify. More information on firewall rules in GCP.

Default GCP firewall rules are enforced, protecting your instances regardless of their configuration and operating system, even if they have not started up. You can see default rules within your GCP project > Networking > VPC network > Firewall rules. If you look carefully, you can see that these rules will enable you to target certain types of traffic, based on the traffic's protocol, ports, sources, and destinations.

You can check the firewall rules quotas for your project. Google has created project-level quotas for resources like firewall rules in order to keep all customer configurations within GCP internal limits; however, do not consider it the maximum number of firewall rules that you can create in a VPC network. There is no hard limit on firewall rules per VPC, but there are soft limits based on multiple factors within your GCP project, like the complexity of the firewall rule (for example, ingress rules that use source tags are more complex than ingress rules that use a single source IP range).

Instead of limits, it would be good to consider your requirements while creating firewall rules, which will differ from one GCP project to another.

0
votes

A firewall rule is a description of what you wish to allow/deny. As you say, there is a quota on how many distinct rules you are permitted to define. However, an "application" of that rule has no quota. When a request is made to your network the set of rules in effect are matched against that request. This is an "application" of the rules. There is no limit nor quota on how many times the rules can be applied. There is no relationship between the quota of the number of rules you can define and how often those rules are consulted at runtime.

To try and clarify further ...

Imagine you have an application running inside GCP that is listening on port 12345. By default, ALL incoming traffic into your GCP VPC network is blocked. You may create a rule that defines that TCP traffic to port 12345 is allowed. This would be an example of a single rule.

For security, you may wish to only allow SSH traffic into your compute engines coming from a specific IP range. You may define a second rule that says that TCP traffic on port 222 is allowed BUT only from a specified IP range. This would be an example of another single rule.

If these were your only rules, you would then have a total of two rules defined. You are allowed to create 500 such rules per project. This is usually far more than you will ever need.

Distinguish the number of rules you have created from attempts to access your network. Every attempt to access your network will have all these rules applied. There is no quota on the number of times rules are applied ... only on the total number of rules that you have defined.
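To answer the original question of how much of the quota is already used, here is an added example (not from either answer) that tallies rule resources from `gcloud compute firewall-rules list --format=json` output and reads the project-level `FIREWALLS` quota from `gcloud compute project-info describe --format=json`; both JSON documents below are constructed samples, and `example-project` and the rule names are placeholders.

```python
import json
from collections import Counter

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`
# (placeholder project and rule names; not real output).
FIREWALL_RULES_JSON = """[
 {"name": "allow-app-12345", "direction": "INGRESS", "disabled": false,
  "network": "https://www.googleapis.com/compute/v1/projects/example-project/global/networks/default",
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["12345"]}]},
 {"name": "allow-ssh-office", "direction": "INGRESS", "disabled": false,
  "network": "https://www.googleapis.com/compute/v1/projects/example-project/global/networks/default",
  "sourceRanges": ["203.0.113.0/24"], "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}]},
 {"name": "deny-all-egress-legacy", "direction": "EGRESS", "disabled": true,
  "network": "https://www.googleapis.com/compute/v1/projects/example-project/global/networks/legacy-net",
  "destinationRanges": ["0.0.0.0/0"], "denied": [{"IPProtocol": "all"}]}
]"""

# Constructed sample of the "quotas" section of `gcloud compute project-info describe --format=json`.
PROJECT_INFO_JSON = """{"quotas": [
 {"metric": "NETWORKS", "limit": 5.0, "usage": 2.0},
 {"metric": "FIREWALLS", "limit": 500.0, "usage": 3.0}
]}"""


def count_rules(rules):
    """Tally rules the way the project quota counts them: every rule resource in
    every VPC network of the project counts once, whether enabled or disabled."""
    per_network = Counter(r["network"].rsplit("/", 1)[-1] for r in rules)
    per_direction = Counter(r.get("direction", "INGRESS") for r in rules)
    return {
        "total": len(rules),
        "per_network": dict(per_network),
        "per_direction": dict(per_direction),
        "disabled": sum(1 for r in rules if r.get("disabled")),
    }


def quota_usage(project_info, metric="FIREWALLS"):
    """Return (usage, limit) for a project-level quota metric, or None if absent."""
    for q in project_info.get("quotas", []):
        if q["metric"] == metric:
            return q["usage"], q["limit"]
    return None


def usage_report(rules_json, project_json):
    """Combine both gcloud outputs: the listed rules should match the quota's usage."""
    stats = count_rules(json.loads(rules_json))
    stats["quota"] = quota_usage(json.loads(project_json))
    return stats


if __name__ == "__main__":
    rep = usage_report(FIREWALL_RULES_JSON, PROJECT_INFO_JSON)
    used, limit = rep["quota"]
    print(f"rules listed: {rep['total']} by network {rep['per_network']}, {rep['disabled']} disabled")
    print(f"FIREWALLS quota: {used:.0f}/{limit:.0f} used ({100 * used / limit:.1f}%)")
```

The `usage` field of the `FIREWALLS` quota is the figure the question asks for; the per-network tally only shows which VPC networks are consuming it, since the quota itself is project-wide.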