IP Forwarding Enabled

  • Query id: f34c0c25-47b4-41eb-9c79-249b4dd47b89
  • Query name: IP Forwarding Enabled
  • Platform: Terraform
  • Severity: Medium
  • Category: Networking and Firewall
  • URL: Github

Description

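Compute instances must not have IP forwarding enabled: the 'can_ip_forward' attribute of a google_compute_instance must not be set to true. With IP forwarding enabled, an instance can send and receive packets whose source or destination IP address does not match its own, which lets it act as a router.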

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "google_compute_instance" "appserver" {
  name           = "primary-application-server"
  machine_type   = "e2-medium"
  can_ip_forward = true

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }

  network_interface {
    network = "default"
  }
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "google_compute_instance" "appserver" {
  name           = "primary-application-server"
  machine_type   = "e2-medium"
  can_ip_forward = false

  boot_disk {
    initialize_params {
      image = "debian-cloud/debian-11"
    }
  }

  network_interface {
    network = "default"
  }
}
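
An added example, not part of this query or its test files: the same rule evaluated against the JSON form of a Terraform plan (the output of `terraform show -json`), so that a can_ip_forward value supplied through a variable or a module is caught as well as a literal in the .tf file. The sample plan is constructed and trimmed, and the function name and status labels are assumptions.

```python
import json

# Constructed, trimmed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "google_compute_instance.appserver", "type": "google_compute_instance",
     "change": {"after": {"can_ip_forward": true}, "after_unknown": {}}},
    {"address": "module.web.google_compute_instance.frontend", "type": "google_compute_instance",
     "change": {"after": {"can_ip_forward": false}, "after_unknown": {}}},
    {"address": "google_compute_instance.nat", "type": "google_compute_instance",
     "change": {"after": {"name": "nat"}, "after_unknown": {"can_ip_forward": true}}},
    {"address": "google_compute_instance.old", "type": "google_compute_instance",
     "change": {"after": null, "after_unknown": {}}},
    {"address": "google_compute_network.vpc", "type": "google_compute_network",
     "change": {"after": {"name": "vpc"}, "after_unknown": {}}}
  ]
}
""")


def find_ip_forwarding(plan):
    """Return (address, status) pairs for instances that fail the check."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "google_compute_instance":
            continue
        change = rc.get("change") or {}
        after = change.get("after")
        if after is None:  # resource is being destroyed; nothing left to check
            continue
        unknown = change.get("after_unknown") or {}
        if after.get("can_ip_forward") is True:
            findings.append((rc["address"], "enabled"))
        elif unknown.get("can_ip_forward") is True:
            # Value is only known at apply time, so it needs manual review.
            findings.append((rc["address"], "unknown-at-plan"))
    return findings


if __name__ == "__main__":
    for address, status in find_ip_forwarding(SAMPLE_PLAN):
        print(f"{status:16} {address}")
```
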