GCP Google compute firewall ingress allow FTP port (20) access
Description
It is a best practice to ensure that your firewall ingress rules do not allow unrestricted access to FTP port 20, as it can increase the risk of unauthorized access or attacks on your network. FTP (File Transfer Protocol) is a widely used protocol for transferring files between computers, but it can also be a potential security risk if not properly configured. By restricting access to only specific IP addresses or ranges that you trust, you can help secure your network from potential threats.
Code Example
go
resource "google_compute_firewall" "restricted" {
name = "example"
network = "google_compute_network.vpc.name"
allow {
protocol = "tcp"
ports = ["20"]
}
source_ranges = ["172.1.2.3/32"]
target_tags = ["ftp"]
}Remediation
Terraform
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0935 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV_GCP_77 |