IP Forwarding Enabled
- Query id: 7c98538a-81c6-444b-bf04-e60bc3ceeec0
- Query name: IP Forwarding Enabled
- Platform: GoogleDeploymentManager
- Severity: Medium
- Category: Networking and Firewall
- CWE: 1188
- URL: Github
Description
Instances must not have IP forwarding enabled: the 'canIpForward' attribute must not be set to true.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
resources:
- name: vm-template
  type: compute.v1.instance
  properties:
    zone: us-central1-a
    machineType: zones/us-central1-a/machineTypes/n1-standard-1
    disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
      initializeParams:
        sourceImage: projects/debian-cloud/global/images/family/debian-9
    networkInterfaces:
    - network: global/networks/default
    canIpForward: true
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
resources:
- name: vm-template2
  type: compute.v1.instance
  properties:
    zone: us-central1-a
    machineType: zones/us-central1-a/machineTypes/n1-standard-1
    disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
      initializeParams:
        sourceImage: projects/debian-cloud/global/images/family/debian-9
    networkInterfaces:
    - network: global/networks/default
    canIpForward: false
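
The check described above, as an added example (not the query's own code): a Python function that walks an already-parsed Deployment Manager config and reports resources with 'canIpForward' enabled. It goes beyond the samples on this page by also looking inside instance templates; the function names, the sample data and the handling of a quoted "true" are assumptions made for this illustration.

```python
# Added example: flag Deployment Manager compute resources with canIpForward enabled.
# Input is a config already parsed into dicts/lists (for instance by a YAML loader).


def _is_enabled(value):
    # Assumption: be conservative and also catch a quoted "true" kept as a string.
    return value is True or (isinstance(value, str) and value.strip().lower() == "true")


def find_ip_forwarding(config):
    """Return (resource name, property path) for each resource with canIpForward enabled."""
    findings = []
    for res in config.get("resources") or []:
        rtype = str(res.get("type", ""))
        if not rtype.startswith("compute."):
            continue
        props = res.get("properties") or {}
        kind = rtype.rsplit(".", 1)[-1]
        if kind == "instance":
            path, value = "properties.canIpForward", props.get("canIpForward")
        elif kind == "instanceTemplate":
            # Instance templates nest the instance settings one level deeper.
            inner = props.get("properties") or {}
            path, value = "properties.properties.canIpForward", inner.get("canIpForward")
        else:
            continue
        if _is_enabled(value):
            findings.append((res.get("name", "<unnamed>"), path))
    return findings


# Constructed sample: the first two entries mirror the positive and negative
# tests on this page; the last two (absent attribute, instance template) are invented.
SAMPLE = {
    "resources": [
        {"name": "vm-template", "type": "compute.v1.instance",
         "properties": {"zone": "us-central1-a", "canIpForward": True}},
        {"name": "vm-template2", "type": "compute.v1.instance",
         "properties": {"zone": "us-central1-a", "canIpForward": False}},
        {"name": "vm-no-attr", "type": "compute.v1.instance",
         "properties": {"zone": "us-central1-a"}},
        {"name": "tmpl", "type": "compute.v1.instanceTemplate",
         "properties": {"properties": {"canIpForward": True}}},
    ]
}

if __name__ == "__main__":
    for name, path in find_ip_forwarding(SAMPLE):
        print(f"{name}: {path} is true")
```

A resource that omits the attribute is not reported, matching the rule's wording that the attribute must not be true.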