Google Compute Network Using Default Firewall Rule

  • Query id: 40abce54-95b1-478c-8e5f-ea0bf0bb0e33
  • Query name: Google Compute Network Using Default Firewall Rule
  • Platform: Terraform
  • Severity: Medium
  • Category: Networking and Firewall
  • URL: Github

Description

A Google Compute Network should not be protected by a firewall rule named "default"; firewall rules should be explicitly named and explicitly scoped (protocols, ports and source tags), as in the negative sample below.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "google_compute_firewall" "positive1" {
  name    = "default"
  network = google_compute_network.positive1.name
}

resource "google_compute_network" "positive1" {
  name = "test-network"
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "google_compute_firewall" "negative1" {
  name    = "test-firewall"
  network = google_compute_network.negative1.name

  allow {
    protocol = "icmp"
  }

  allow {
    protocol = "tcp"
    ports    = ["80", "8080"]
  }

  source_tags = ["web"]
}

resource "google_compute_network" "negative1" {
  name = "test-network"
}
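As an added example (not part of the KICS query or its Rego, and not the project's own code), the following Python script reproduces the page's check over both samples above: it reads Terraform HCL with a small line-oriented parser and reports every google_compute_firewall resource whose top-level name attribute is the literal "default", which is exactly what distinguishes the positive sample from the negative one. The parser, the SAMPLE_TF text (the two samples concatenated) and the function names are constructed for this example; the real query may match on additional criteria.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample: the page's positive and negative cases concatenated
# into one Terraform module, so the scanner has one hit and one clean rule.
SAMPLE_TF = '''
resource "google_compute_firewall" "positive1" {
  name    = "default"
  network = google_compute_network.positive1.name
}

resource "google_compute_network" "positive1" {
  name = "test-network"
}

resource "google_compute_firewall" "negative1" {
  name    = "test-firewall"
  network = google_compute_network.negative1.name

  allow {
    protocol = "icmp"
  }

  allow {
    protocol = "tcp"
    ports    = ["80", "8080"]
  }

  source_tags = ["web"]
}

resource "google_compute_network" "negative1" {
  name = "test-network"
}
'''

# `resource "<type>" "<label>" {` opens a resource block.
RESOURCE_RE = re.compile(r'^\s*resource\s+"([^"]+)"\s+"([^"]+)"\s*\{')
# A quoted top-level `name = "..."` attribute.
NAME_RE = re.compile(r'^\s*name\s*=\s*"([^"]*)"')


def parse_resources(hcl: str) -> List[dict]:
    """Minimal HCL reader (assumption: one attribute per line, braces balanced per line).

    Returns one dict per resource block with its type, label, top-level
    `name` attribute (or None) and the line the block starts on.
    """
    resources: List[dict] = []
    current: Optional[dict] = None
    depth = 0
    for lineno, line in enumerate(hcl.splitlines(), 1):
        if current is None:
            m = RESOURCE_RE.match(line)
            if m:
                current = {"type": m.group(1), "label": m.group(2), "name": None, "line": lineno}
                depth = 1  # the header line's own `{`
            continue
        # Only a `name` at nesting depth 1 belongs to the resource itself;
        # a `name` inside a nested block (e.g. `allow { ... }`) is ignored.
        if depth == 1:
            m = NAME_RE.match(line)
            if m:
                current["name"] = m.group(1)
        depth += line.count("{") - line.count("}")
        if depth <= 0:
            resources.append(current)
            current = None
    return resources


def find_default_firewalls(hcl: str) -> List[Tuple[str, int]]:
    """Return (label, line) for google_compute_firewall resources named "default"."""
    return [
        (r["label"], r["line"])
        for r in parse_resources(hcl)
        if r["type"] == "google_compute_firewall" and r["name"] == "default"
    ]


if __name__ == "__main__":
    for label, line in find_default_firewalls(SAMPLE_TF):
        print(f'line {line}: google_compute_firewall "{label}" uses the default firewall rule name')
```

Running the script lists only the positive1 firewall; negative1 is skipped because its name is "test-firewall". To scan a real module, pass the contents of each .tf file to find_default_firewalls and fail the pipeline on any non-empty result.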