Link Search Menu Expand Document

An outbound firewall rule allows traffic to /0.

Explanation

Network security rules should not use very broad subnets.

Where possible, segments should be broken into smaller subnets and avoid using the /0 subnet.

Insecure Example

The following example will fail the GCP004 check.

resource "google_compute_firewall" "my-firewall" {
	destination_ranges = ["0.0.0.0/0"]
}

Secure Example

The following example will pass the GCP004 check.

resource "google_compute_firewall" "my-firewall" {
	destination_ranges = ["1.2.3.4/32"]
}