
Ensure Outbound Firewall Policy is not set to ACCEPT

Description

This policy checks whether the outbound firewall policy is set to ACCEPT, which could allow unauthorized traffic to leave the network. Restricting outbound traffic is essential to prevent potential security breaches and data leaks. The rule inspects the 'outbound_policy' attribute of the 'linode_firewall' resource, which sets the default action for outbound traffic, and passes only when it is set to 'DROP' instead of 'ACCEPT'. With a default of 'DROP', only traffic that matches an explicit outbound rule can leave, which helps contain malicious activity and protects the network from unauthorized use.

Code Example

```terraform
resource "linode_firewall" "example" {
  # Default-deny egress: outbound traffic not matched by a rule is dropped.
  outbound_policy = "DROP"
}
```

Remediation

Update the 'outbound_policy' attribute of the 'linode_firewall' resource to 'DROP' to restrict outbound traffic.
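
A default of 'DROP' blocks all egress until outbound rules allow it, so the remediation usually ships together with explicit allow rules. The configuration below is an added example, not part of the original rule documentation. It shows the flagged setting beside a compliant firewall. The resource names, labels, and the allowed ports (DNS, HTTPS, NTP) are assumptions to adapt to your workload.

```terraform
# Added example: names, labels and allowed ports are assumptions.

# Non-compliant: anything not matched by an outbound rule may leave.
resource "linode_firewall" "open_egress" {
  label           = "open-egress"
  inbound_policy  = "DROP"
  outbound_policy = "ACCEPT" # flagged by CKV_LIN_6
}

# Compliant: default-deny egress plus explicit allow rules.
resource "linode_firewall" "restricted_egress" {
  label           = "restricted-egress"
  inbound_policy  = "DROP"
  outbound_policy = "DROP"

  # Name resolution; narrow ipv4/ipv6 to your resolvers where possible.
  outbound {
    label    = "allow-dns"
    action   = "ACCEPT"
    protocol = "UDP"
    ports    = "53"
    ipv4     = ["0.0.0.0/0"]
    ipv6     = ["::/0"]
  }

  # Package updates and outbound API calls over TLS.
  outbound {
    label    = "allow-https"
    action   = "ACCEPT"
    protocol = "TCP"
    ports    = "443"
    ipv4     = ["0.0.0.0/0"]
    ipv6     = ["::/0"]
  }

  # Time synchronisation.
  outbound {
    label    = "allow-ntp"
    action   = "ACCEPT"
    protocol = "UDP"
    ports    = "123"
    ipv4     = ["0.0.0.0/0"]
    ipv6     = ["::/0"]
  }
}
```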

Rule Details

| Field | Value |
|---|---|
| ID | IAC-1203 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | linode_firewall |
| Checkov ID | CKV_LIN_6 |
