GCP Firewall with Inbound rule overly permissive to All Traffic
Description
This policy identifies GCP firewall rules that allow inbound traffic on all protocols from the public internet. Such a rule may allow a bad actor to brute-force their way into the system and potentially gain access to the entire network.
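The condition this policy describes, expressed as an added check that is not Checkov's own implementation of CKV2_GCP_12 (which ships as a graph check): the function below takes a google_compute_firewall resource's attributes as a plain dict, the shape a Terraform-aware scanner would hand a check after parsing the HCL, and flags an enabled INGRESS rule that has an allow block with protocol "all" and a source range of 0.0.0.0/0. Treating ::/0 as a public range and the sample resources (the page's passing rule plus three constructed ones) are assumptions made for this illustration.

```python
"""Flag GCP firewall rules that allow all protocols inbound from the public
internet. Added illustration; not Checkov's CKV2_GCP_12 implementation.
Input is the resource's attribute dict as a scanner would produce from HCL."""

# Assumption: IPv6 "any" counts as public as well as IPv4 "any".
PUBLIC_RANGES = {"0.0.0.0/0", "::/0"}


def is_overly_permissive(resource: dict) -> bool:
    """True when the rule is an enabled INGRESS rule that allows protocol
    "all" from a public source range. Terraform defaults apply: direction
    is INGRESS and disabled is false when unset."""
    if resource.get("direction", "INGRESS").upper() != "INGRESS":
        return False
    if resource.get("disabled", False):
        return False
    # Only "allow" blocks open traffic; a "deny" of all protocols is safe.
    allows = resource.get("allow", [])
    if isinstance(allows, dict):
        allows = [allows]
    allows_all = any(str(a.get("protocol", "")).lower() == "all" for a in allows)
    if not allows_all:
        return False
    sources = set(resource.get("source_ranges", []))
    return bool(sources & PUBLIC_RANGES)


def evaluate(resources: dict) -> dict:
    """Map each resource name to "FAIL" or "PASS" under this policy."""
    return {name: ("FAIL" if is_overly_permissive(r) else "PASS")
            for name, r in resources.items()}


# Constructed sample input: the page's passing rule (deny all from anywhere),
# a hypothetical failing rule (allow all from anywhere), a rule that allows a
# single port from anywhere, and a rule that allows all from a private range.
SAMPLE_RESOURCES = {
    "compute-firewall-ok-1": {
        "name": "compute-firewall-ok-1",
        "network": "example",
        "deny": [{"protocol": "all"}],
        "source_ranges": ["0.0.0.0/0"],
        "disabled": False,
    },
    "compute-firewall-bad-1": {
        "name": "compute-firewall-bad-1",
        "network": "example",
        "allow": [{"protocol": "all"}],
        "source_ranges": ["0.0.0.0/0"],
    },
    "compute-firewall-ok-2": {
        "name": "compute-firewall-ok-2",
        "network": "example",
        "allow": [{"protocol": "tcp", "ports": ["443"]}],
        "source_ranges": ["0.0.0.0/0"],
    },
    "compute-firewall-ok-3": {
        "name": "compute-firewall-ok-3",
        "network": "example",
        "allow": [{"protocol": "all"}],
        "source_ranges": ["10.0.0.0/8"],
    },
}

if __name__ == "__main__":
    for name, verdict in evaluate(SAMPLE_RESOURCES).items():
        print(f"{verdict}: {name}")
```

Note that the check deliberately passes "compute-firewall-ok-3": allowing all protocols from a private range is outside this policy's scope, which is specifically about exposure to the public internet. A rule that is disabled or has direction EGRESS is also skipped, since neither opens inbound traffic.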
Code Example
```hcl
# pass
resource "google_compute_firewall" "compute-firewall-ok-1" {
  name    = "compute-firewall-ok-1"
  network = google_compute_network.example.name

  # A deny of all protocols from 0.0.0.0/0 opens no inbound traffic; the
  # policy flags "allow" blocks with protocol "all", not "deny" blocks.
  deny {
    protocol = "all"
  }

  source_ranges = ["0.0.0.0/0"]
  disabled      = false
}
```
Remediation
Terraform
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0997 |
| Severity | LOW |
| IaC Type | Terraform |
| Frameworks | Terraform |
| Checkov ID | CKV2_GCP_12 |