An outbound firewall rule allows traffic to /0.
Explanation
Network security rules should not use very broad subnets.
Where possible, break segments into smaller subnets and avoid using the /0 subnet.
Insecure Example
The following example will fail the GCP004 check.
resource "google_compute_firewall" "my-firewall" {
  destination_ranges = ["0.0.0.0/0"]
}
Secure Example
The following example will pass the GCP004 check.
resource "google_compute_firewall" "my-firewall" {
  destination_ranges = ["1.2.3.4/32"]
}
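The same condition can be checked against a Terraform plan before apply. The following is an added example, not tfsec's own code: it assumes the `resource_changes` / `change.after` layout of `terraform show -json` output, the sample plan and the function names are constructed for illustration, and it goes beyond the IPv4 case above by also flagging `::/0`.

```python
import ipaddress
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output
# (only the fields this check reads are included).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
    {"address": "google_compute_firewall.open_egress",
     "type": "google_compute_firewall",
     "change": {"after": {"destination_ranges": ["0.0.0.0/0"]}}},
    {"address": "google_compute_firewall.pinned_egress",
     "type": "google_compute_firewall",
     "change": {"after": {"destination_ranges": ["1.2.3.4/32"]}}},
    {"address": "google_compute_firewall.open_egress_v6",
     "type": "google_compute_firewall",
     "change": {"after": {"destination_ranges": ["10.0.0.0/8", "::/0"]}}},
    {"address": "google_compute_firewall.deleted",
     "type": "google_compute_firewall",
     "change": {"after": null}}
]}
""")


def is_any_address(cidr):
    """True when the CIDR has a zero-length prefix (0.0.0.0/0 or ::/0)."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False  # not a literal CIDR, so nothing can be concluded


def find_open_egress(plan):
    """Return (resource address, range) for every /0 destination range."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "google_compute_firewall":
            continue
        # "after" is null for resources that the plan deletes.
        after = rc.get("change", {}).get("after") or {}
        for cidr in after.get("destination_ranges") or []:
            if isinstance(cidr, str) and is_any_address(cidr):
                findings.append((rc["address"], cidr))
    return findings


if __name__ == "__main__":
    for address, cidr in find_open_egress(SAMPLE_PLAN):
        print(f"{address}: outbound rule allows traffic to {cidr}")
```

Because the prefix length is parsed rather than string-matched, a range written as `1.2.3.4/0` is flagged as well.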