Ensure GCP compute firewall ingress does not allow unrestricted access to all ports
Error: GCP Firewall with Inbound rule overly permissive to All Traffic
Bridgecrew Policy ID: BC_GCP_NETWORKING_20
Checkov Check ID: CKV2_GCP_12
Severity: HIGH
Description
This policy identifies GCP firewall rules that allow inbound traffic on all protocols from the public internet. Doing so may allow a bad actor to brute-force their way into the system and potentially gain access to the entire network.
Fix - Runtime
Fix - Buildtime
Terraform
# pass: a deny rule on all protocols from 0.0.0.0/0 blocks traffic rather than admitting it
resource "google_compute_firewall" "compute-firewall-ok-1" {
  name    = "compute-firewall-ok-1"
  network = google_compute_network.example.name
  deny {
    protocol = "all"
  }
  source_ranges = ["0.0.0.0/0"]
  disabled      = false
}
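The following is an added example, not Checkov's own implementation of CKV2_GCP_12 and not code from this page. It is a simplified re-creation of the check's logic in Python, run over constructed firewall resources shaped like the `values` of a `google_compute_firewall` resource in `terraform show -json` output. The function names `is_overly_permissive` and `find_violations` and the sample resource names are assumptions made for the example; the conditions it applies (ingress direction, an `allow` block with protocol `all`, a source range of `0.0.0.0/0` or `::/0`) are a reading of the description above, and the real check may differ in details.

```python
"""Simplified re-implementation of the idea behind CKV2_GCP_12 (added example,
not Checkov's own code): flag google_compute_firewall resources that allow
ingress on all protocols from the public internet.

Input: a list of dicts shaped like the "values" of a google_compute_firewall
resource in `terraform show -json` output.
"""

PUBLIC_RANGES = {"0.0.0.0/0", "::/0"}  # "anywhere on the internet", v4 and v6


def is_overly_permissive(fw: dict) -> bool:
    """Return True when the firewall rule admits all protocols from any source.

    All of the following must hold (assumed reading of the policy):
      * direction is INGRESS (the GCP default when the attribute is omitted)
      * at least one `allow` block has protocol "all" (case-insensitive)
      * source_ranges contains 0.0.0.0/0 or ::/0
    A `deny` block with protocol "all" has the opposite intent and passes.
    """
    direction = (fw.get("direction") or "INGRESS").upper()
    if direction != "INGRESS":
        return False
    allows_all = any(
        str(rule.get("protocol", "")).lower() == "all"
        for rule in fw.get("allow") or []
    )
    if not allows_all:
        return False
    sources = set(fw.get("source_ranges") or [])
    return bool(sources & PUBLIC_RANGES)


def find_violations(resources: list) -> list:
    """Return the names of google_compute_firewall resources that fail the check."""
    return [
        fw["name"]
        for fw in resources
        if fw.get("type", "google_compute_firewall") == "google_compute_firewall"
        and is_overly_permissive(fw)
    ]


# Constructed sample resources for the example (not from any real environment).
SAMPLE_RESOURCES = [
    {   # FAIL: allow all protocols from anywhere
        "name": "compute-firewall-bad-1",
        "direction": "INGRESS",
        "allow": [{"protocol": "all", "ports": []}],
        "source_ranges": ["0.0.0.0/0"],
    },
    {   # PASS: same shape as the page's pass example, but a deny rule
        "name": "compute-firewall-ok-1",
        "deny": [{"protocol": "all", "ports": []}],
        "source_ranges": ["0.0.0.0/0"],
    },
    {   # PASS: allow all protocols, but only from an internal range
        "name": "compute-firewall-ok-2",
        "allow": [{"protocol": "all", "ports": []}],
        "source_ranges": ["10.0.0.0/8"],
    },
    {   # PASS: open to the internet, but restricted to one protocol and port
        "name": "compute-firewall-ok-3",
        "allow": [{"protocol": "tcp", "ports": ["443"]}],
        "source_ranges": ["0.0.0.0/0"],
    },
    {   # FAIL: direction omitted (defaults to INGRESS), IPv6 any-source
        "name": "compute-firewall-bad-2",
        "allow": [{"protocol": "ALL", "ports": []}],
        "source_ranges": ["::/0"],
    },
]

if __name__ == "__main__":
    for name in find_violations(SAMPLE_RESOURCES):
        print(f"FAILED CKV2_GCP_12: {name}")
```

Run against the constructed samples, only the two `bad` resources are reported; the deny rule, the internal-only source range and the single-port allow all pass, which matches the distinction the description draws between admitting all traffic and merely referencing `0.0.0.0/0`.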
Updated 5 months ago