Firewall rules only apply at a VPC Network Level.

They have nothing to do with preventing traffic to and from cloud storage.

To do that, you have to either use

a) Org policies - Enforce public access prevention

b) ACLs and IAM on the storage bucket.

c) Signed URLs

People often confuse the ACLs on storage buckets with Firewall rules.