Ensure VCN inbound security lists are stateless
Error: OCI VCN Security list has stateful security rules
Bridgecrew Policy ID: BC_OCI_NETWORKING_2
Checkov Check ID: CKV_OCI_17
Severity: HIGH
OCI VCN Security list has stateful security rules
Description
This policy identifies the OCI Virtual Cloud Networks (VCN) security lists that have stateful ingress rules configured in their security lists. It is recommended that Virtual Cloud Networks (VCN) security lists are configured with stateless ingress rules to slow the impact of a denial-of-service (DoS) attack.
Fix - Runtime
OCI Console
- Login to the OCI Console
- Type the resource reported in the alert into the Search box at the top of the Console.
- Click the resource reported in the alert from the Resources submenu
- Click on Ingress rule where Stateless column is set to No
- Click on Edit
- Select the checkbox STATELESS
- Click on Save Changes
Fix - Buildtime
Terraform
- Resource: oci_core_security_list
- Arguments: vcn_id + ingress_security_rule
resource "oci_core_security_list" "pass" {
compartment_id = oci_identity_compartment.tf-compartment.id
vcn_id = oci_core_vcn.test_vcn.id
ingress_security_rules {
protocol = "all"
source="192.168.1.0/24"
}
}
Updated 6 months ago