OpenStack firewall rule does not have destination IP configured

Description

Explicitly setting a destination IP Address will make sure that the IP destination is managed in code. You also need to ensure that the destination IP is not 0.0.0.0 so that the firewall rule is exposed to the world.

Code Example

resource "openstack_fw_rule_v1" "fail" {
    name             = "my_rule_world"
    description      = "let anyone in"
    action           = "allow"
    protocol         = "tcp"
    destination_port = "22"
    enabled          = "true"
}

Remediation

Terraform

Resource: openstack_fw_rule_v1
Arguments: destination_ip_address

Rule Details

Field	Value
ID	IAC-1282
Severity	LOW
IaC Type	Terraform
Frameworks	Terraform
Checkov ID	CKV_OPENSTACK_5

References

Checkov Rule

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

OpenStack firewall rule does not have destination IP configured

Description

Code Example

Remediation

Rule Details

References

SAST Rules

IaC Rules

License Rules

OpenStack firewall rule does not have destination IP configured ​

Description ​

Code Example ​

Remediation ​

Rule Details ​

References ​

OpenStack firewall rule does not have destination IP configured

Description

Code Example

Remediation

Rule Details

References