Ensure GCP Google compute firewall ingress does not allow FTP port (20) access

**Error: GCP Google compute firewall ingress allows FTP port (20) access**
Bridgecrew Policy ID: BC_GCP_NETWORKING_18
Checkov Check ID: CKV_GCP_77
Severity: LOW

Description

Firewall ingress rules should not allow unrestricted access to FTP port 20, because an open rule increases the risk of unauthorized access to, or attacks on, your network. FTP (File Transfer Protocol) is widely used for transferring files between computers, but it becomes a security risk when it is not properly configured. Restricting access to specific IP addresses or ranges that you trust helps protect your network from these threats.

Fix - Runtime

Fix - Buildtime

Terraform

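resource "google_compute_firewall" "restricted" {
  name    = "example"
  # Reference the VPC resource attribute; a quoted value would be passed as a literal string
  network = google_compute_network.vpc.name

  allow {
    protocol = "tcp"
    ports    = ["20"]
  }

  # Limit access to a trusted address instead of an unrestricted range
  source_ranges = ["172.1.2.3/32"]
  target_tags   = ["ftp"]
}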
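The check described above can be run against a plan before it is applied. The following is an added example, not Checkov's own implementation of CKV_GCP_77 and not code from the original page. It assumes the `planned_values` layout of `terraform show -json` output; the function names and the sample plan are constructed for illustration. It goes beyond the exact port "20" case by also catching port ranges, rules with no port list, and rules in child modules.

```python
import ipaddress

FTP_DATA_PORT = 20

def port_matches(spec, port):
    """True if a port spec such as "20" or "1-1024" covers `port`."""
    lo, _, hi = str(spec).partition("-")
    return int(lo) <= port <= int(hi or lo)

def allows_port(allow, port):
    """An allow block with no ports listed applies to every port."""
    if str(allow.get("protocol", "")).lower() not in ("tcp", "6", "all"):
        return False
    ports = allow.get("ports") or []
    return not ports or any(port_matches(p, port) for p in ports)

def is_unrestricted(cidr):
    """True for 0.0.0.0/0 and ::/0 (prefix length 0)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0

def open_ftp_rules(plan, port=FTP_DATA_PORT):
    """Addresses of ingress firewall rules exposing `port` to any source."""
    findings, stack = [], [plan["planned_values"]["root_module"]]
    while stack:
        module = stack.pop()
        stack.extend(module.get("child_modules", []))
        for res in module.get("resources", []):
            v = res.get("values", {})
            if res.get("type") != "google_compute_firewall":
                continue
            if (v.get("direction") or "INGRESS") != "INGRESS":
                continue
            exposed = any(is_unrestricted(r) for r in v.get("source_ranges") or [])
            if exposed and any(allows_port(a, port) for a in v.get("allow") or []):
                findings.append(res["address"])
    return sorted(findings)

def fw_resource(address, ranges, protocol, ports):
    # Constructed sample resource in the plan-JSON shape assumed above
    return {"address": address, "type": "google_compute_firewall",
            "values": {"direction": "INGRESS", "source_ranges": ranges,
                       "allow": [{"protocol": protocol, "ports": ports}]}}

SAMPLE_PLAN = {"planned_values": {"root_module": {"resources": [
    fw_resource("google_compute_firewall.restricted", ["172.1.2.3/32"], "tcp", ["20"]),
    fw_resource("google_compute_firewall.open_exact", ["0.0.0.0/0"], "tcp", ["20"]),
    fw_resource("google_compute_firewall.open_range", ["0.0.0.0/0"], "tcp", ["1-1024"]),
    fw_resource("google_compute_firewall.open_ssh", ["0.0.0.0/0"], "tcp", ["22"]),
], "child_modules": [{"resources": [
    fw_resource("module.net.google_compute_firewall.open_all", ["::/0"], "all", [])]}]}}}
```

Calling `open_ftp_rules(SAMPLE_PLAN)` returns the three exposed rules and leaves out both the restricted rule from the Terraform example above and the rule that only opens port 22.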