OCI Network Security Groups (NSG) has stateful security rules

Description

Stateless rules for network security groups create one way traffic rather than two. This makes it very explicit which ports are available internally and externally. This is recommended for high volume websites.

Code Example

resource "oci_core_network_security_group_security_rule" "pass" {
  network_security_group_id = oci_core_network_security_group.test_network_security_group.id
  direction                 = "INGRESS"
  protocol                  = var.network_security_group_security_rule_protocol
+  stateless                 = true
}

Remediation

Resource: oci_core_network_security_group_security_rule
Arguments: stateless

Rule Details

Field	Value
ID	IAC-1248
Severity	MEDIUM
IaC Type	Terraform
Frameworks	Terraform
Checkov ID	CKV_OCI_21

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

OCI Network Security Groups (NSG) has stateful security rules

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

OCI Network Security Groups (NSG) has stateful security rules ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

OCI Network Security Groups (NSG) has stateful security rules

Description

Code Example

Remediation

Rule Details

References