Google Compute Network Using Default Firewall Rule
- Query id: 40abce54-95b1-478c-8e5f-ea0bf0bb0e33
- Query name: Google Compute Network Using Default Firewall Rule
- Platform: Terraform
- Severity: Medium
- Category: Networking and Firewall
- URL: Github
Description¶
Google Compute Network should not use default firewall rule
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Postitive test num. 1 - tf file
resource "google_compute_firewall" "positive1" {
name = "default"
network = google_compute_network.positive1.name
}
resource "google_compute_network" "positive1" {
name = "test-network"
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "google_compute_firewall" "negative1" {
name = "test-firewall"
network = google_compute_network.negative1.name
allow {
protocol = "icmp"
}
allow {
protocol = "tcp"
ports = ["80", "8080"]
}
source_tags = ["web"]
}
resource "google_compute_network" "negative1" {
name = "test-network"
}