An outbound firewall rule allows traffic to /0.
Network security rules should not use very broad subnets.
Where possible, network segments should be broken into smaller subnets, and the /0 subnet should be avoided.
Impact
The port is exposed for egress to the internet.
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Set a more restrictive CIDR range.
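resource "google_compute_firewall" "good_example" {
  # name and network are required by the provider; the values here are placeholders
  name      = "good-example"
  network   = "default"
  direction = "EGRESS"
  allow {
    protocol = "icmp"
  }
  # A single host rather than the whole internet
  destination_ranges = ["1.2.3.4/32"]
}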
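The same check applied to a Terraform plan before it is applied, as an added example that is not part of the original page or of any scanner's own code: it walks the `planned_values` section of `terraform show -json` output and reports EGRESS allow rules whose destination has a zero-length prefix. The sample plan, and every resource name in it other than `good_example`, is constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape of `terraform show -json` planned_values.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "google_compute_firewall.good_example",
         "type": "google_compute_firewall",
         "values": {"direction": "EGRESS", "allow": [{"protocol": "icmp"}],
                    "destination_ranges": ["1.2.3.4/32"]}},
        {"address": "google_compute_firewall.wide_open",
         "type": "google_compute_firewall",
         "values": {"direction": "EGRESS", "allow": [{"protocol": "tcp"}],
                    "destination_ranges": ["0.0.0.0/0"]}},
        # A deny rule to /0 restricts traffic, so it must not be reported.
        {"address": "google_compute_firewall.deny_all",
         "type": "google_compute_firewall",
         "values": {"direction": "EGRESS", "allow": [], "deny": [{"protocol": "all"}],
                    "destination_ranges": ["0.0.0.0/0"]}},
    ],
    "child_modules": [{"resources": [
        {"address": "module.net.google_compute_firewall.v6",
         "type": "google_compute_firewall",
         "values": {"direction": "EGRESS", "allow": [{"protocol": "udp"}],
                    "destination_ranges": ["10.0.0.0/8", "::/0"]}},
    ]}],
}}}

def iter_resources(module):
    """Yield resources from a module and from all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def is_any_address(cidr):
    """True for a zero-length prefix such as 0.0.0.0/0 or ::/0."""
    try:
        return ipaddress.ip_network(cidr, strict=False).prefixlen == 0
    except ValueError:
        return False  # not a CIDR at all; left for terraform validate to reject

def open_egress_rules(plan):
    """Return (address, cidr) for each EGRESS allow rule with a /0 destination."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return [(res["address"], cidr)
            for res in iter_resources(root)
            if res.get("type") == "google_compute_firewall"
            and (res.get("values") or {}).get("direction") == "EGRESS"
            and res["values"].get("allow")
            for cidr in res["values"].get("destination_ranges") or []
            if is_any_address(cidr)]
```

In a pipeline, the plan would come from `terraform show -json` on a saved plan file, and a non-empty result would fail the build.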
Links