GCP Compute Firewall allows public access

Affecting Network service in Google


    Severity medium
    Severity Framework Snyk CCSS
    Rule category Network / Firewall

    Frameworks CIS-Controls, CSA-CCM, ISO-27001, NIST-800-53, PCI-DSS, SOC-2
  • Snyk ID SNYK-CC-00401
  • credit Snyk Research Team

Description

Inbound traffic is allowed to a resource from any source instead of a restricted range.

How to fix?

Set source_ranges to a specific IP range only, e.g. 192.168.1.0/24.

Example Configuration

resource "google_compute_firewall" "allowed" {
  name      = "test-firewall"
  network   = "default"
  direction = "INGRESS"
  allow {
    protocol = "icmp"
  }
  allow {
    protocol = "tcp"
    ports    = ["80", "8080", "1000-2000"]
  }
  source_ranges = ["192.168.0.0/24"]
}
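
The following is an added example, not Snyk's rule implementation and not code from this page: a check over the JSON that `terraform show -json` produces for a plan, reporting ingress google_compute_firewall resources whose source_ranges cover the whole IPv4 or IPv6 address space. The plan data, the resource names other than "allowed", and the helper names are constructed for illustration.

```python
import ipaddress

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "google_compute_firewall.allowed", "type": "google_compute_firewall",
         "values": {"direction": "INGRESS", "source_ranges": ["192.168.0.0/24"]}},
        {"address": "google_compute_firewall.web", "type": "google_compute_firewall",
         "values": {"direction": "INGRESS", "source_ranges": ["10.0.0.0/8", "0.0.0.0/0"]}},
        {"address": "google_compute_firewall.out", "type": "google_compute_firewall",
         "values": {"direction": "EGRESS", "destination_ranges": ["0.0.0.0/0"]}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.net.google_compute_firewall.v6", "type": "google_compute_firewall",
         "values": {"source_ranges": ["::/0"]}},  # direction left unset
    ]}],
}}}

def is_public(cidr):
    """True when the CIDR spans the whole IPv4 or IPv6 address space."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False  # not a literal CIDR, so it cannot be judged here

def walk(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def public_ingress_rules(plan):
    """Return (address, open_ranges) for ingress firewalls open to any source."""
    findings = []
    for res in walk(plan.get("planned_values", {}).get("root_module", {})):
        if res.get("type") != "google_compute_firewall":
            continue
        values = res.get("values") or {}
        if (values.get("direction") or "INGRESS") != "INGRESS":
            continue  # only ingress is in scope; an unset direction means INGRESS
        open_ranges = sorted(r for r in values.get("source_ranges") or [] if is_public(r))
        if open_ranges:
            findings.append((res["address"], open_ranges))
    return findings

if __name__ == "__main__":
    for address, ranges in public_ingress_rules(SAMPLE_PLAN):
        print(f"{address}: ingress open to {', '.join(ranges)}")
```

A rule that mixes a restricted range with 0.0.0.0/0 is still reported, since the open entry makes the restricted one irrelevant.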