Ensure VCN inbound security lists are stateless

Error: OCI VCN Security list has stateful security rules
Bridgecrew Policy ID: BC_OCI_NETWORKING_2
Checkov Check ID: CKV_OCI_17
Severity: HIGH

Suggest Edits

OCI VCN Security list has stateful security rules

Description

This policy identifies the OCI Virtual Cloud Networks (VCN) security lists that have stateful ingress rules configured in their security lists. It is recommended that Virtual Cloud Networks (VCN) security lists are configured with stateless ingress rules to slow the impact of a denial-of-service (DoS) attack.

Fix - Runtime

OCI Console

Login to the OCI Console
Type the resource reported in the alert into the Search box at the top of the Console.
Click the resource reported in the alert from the Resources submenu
Click on Ingress rule where Stateless column is set to No
Click on Edit
Select the checkbox STATELESS
Click on Save Changes

Fix - Buildtime

Terraform

Resource: oci_core_security_list
Arguments: vcn_id + ingress_security_rule

resource "oci_core_security_list" "pass" {
    compartment_id = oci_identity_compartment.tf-compartment.id
    vcn_id = oci_core_vcn.test_vcn.id
    ingress_security_rules {
        protocol = "all"
        source="192.168.1.0/24"
    }
}

Updated 10 months ago