Control: IP Forwarding on your virtual machine should be disabled
Description
Enabling IP forwarding on a virtual machine's NIC allows the machine to receive traffic addressed to other destinations. IP forwarding is rarely required; the usual legitimate case is a VM acting as a network virtual appliance. Any NIC with it enabled should therefore be reviewed by the network security team.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.network_interface_ip_forwarding_disabled
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run azure_compliance.control.network_interface_ip_forwarding_disabled --share
SQL
This control uses a named query:
with vm_using_nic as (
  -- one row per (VM, NIC) pair: network_interfaces is a JSON array on the VM
  select
    id as vm_id,
    name as vm_name,
    resource_group,
    _ctx,
    region,
    subscription_id,
    b ->> 'id' as nic_id
  from
    azure_compute_virtual_machine as c,
    jsonb_array_elements(network_interfaces) as b
)
select
  v.vm_id as resource,
  case
    when i.enable_ip_forwarding then 'alarm'
    else 'ok'
  end as status,
  case
    when i.enable_ip_forwarding then v.vm_name || ' using ' || i.name || ' network interface has IP forwarding enabled.'
    else v.vm_name || ' using ' || i.name || ' network interface has IP forwarding disabled.'
  end as reason,
  v.resource_group as resource_group,
  sub.display_name as subscription
from
  azure_subscription as sub,
  vm_using_nic as v
  left join azure_network_interface as i on i.id = v.nic_id
where
  -- restrict to the VM's own subscription; without this the comma join
  -- repeats every finding once per subscription in the connection
  sub.subscription_id = v.subscription_id;
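The same evaluation carried out in Python, as an added example that is not part of the azure_compliance mod and does not call Azure: it runs the control's alarm/ok decision over a constructed inventory of VMs, NICs and subscriptions (all ids and names below are made up), so the logic can be exercised offline. It also handles the one case the SQL leaves silent: a VM that references a NIC missing from inventory falls out of the left join with a NULL reason and an 'ok' status, whereas here it is reported as 'info'. Resource ids are compared case-insensitively, which is a deliberate choice because Azure resource ids are not case-sensitive.

```python
"""Evaluate the IP-forwarding control over constructed Azure inventory records.

Added example, not code from the Powerpipe azure_compliance mod. The record
shapes mirror the columns the control's SQL reads from the Steampipe tables
azure_compute_virtual_machine, azure_network_interface and azure_subscription.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Nic:
    """Fields read from azure_network_interface."""
    id: str
    name: str
    enable_ip_forwarding: Optional[bool]  # None models a NULL column value


@dataclass
class Vm:
    """Fields read from azure_compute_virtual_machine; nic_ids are the
    'id' values of the network_interfaces JSON array."""
    id: str
    name: str
    resource_group: str
    subscription_id: str
    nic_ids: List[str] = field(default_factory=list)


@dataclass
class Finding:
    """One row of control output: resource, status, reason, resource_group, subscription."""
    resource: str
    status: str
    reason: str
    resource_group: str
    subscription: str


def evaluate(vms: List[Vm], nics: List[Nic], subscription_names: Dict[str, str]) -> List[Finding]:
    """Return one finding per (VM, NIC) pair, like the SQL's vm_using_nic CTE."""
    nic_by_id = {n.id.lower(): n for n in nics}  # case-insensitive resource-id match
    findings = []
    for vm in vms:
        # display_name from azure_subscription; fall back to the id if unknown
        sub = subscription_names.get(vm.subscription_id, vm.subscription_id)
        for nic_id in vm.nic_ids:
            nic = nic_by_id.get(nic_id.lower())
            if nic is None:
                # left-join miss: the SQL yields 'ok' with a NULL reason; surface it instead
                status = "info"
                reason = f"{vm.name} references network interface {nic_id}, which is not in inventory."
            elif nic.enable_ip_forwarding:
                status = "alarm"
                reason = f"{vm.name} using {nic.name} network interface has IP forwarding enabled."
            else:
                # False and None both land here, matching CASE WHEN NULL THEN ... ELSE 'ok'
                status = "ok"
                reason = f"{vm.name} using {nic.name} network interface has IP forwarding disabled."
            findings.append(Finding(vm.id, status, reason, vm.resource_group, sub))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per status, the way a control summary line does."""
    counts = {"alarm": 0, "ok": 0, "info": 0}
    for f in findings:
        counts[f.status] += 1
    return counts


# ---- constructed sample inventory (placeholder ids, not real resources) ----
SUB_A = "00000000-0000-0000-0000-000000000001"
SUB_B = "00000000-0000-0000-0000-000000000002"


def _nic_id(sub: str, rg: str, name: str) -> str:
    return f"/subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Network/networkInterfaces/{name}"


def _vm_id(sub: str, rg: str, name: str) -> str:
    return f"/subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Compute/virtualMachines/{name}"


SAMPLE_NICS = [
    Nic(_nic_id(SUB_A, "rg-net", "nva-01-nic"), "nva-01-nic", True),   # forwarding on: alarm
    Nic(_nic_id(SUB_A, "rg-app", "web-01-nic"), "web-01-nic", False),  # forwarding off: ok
    Nic(_nic_id(SUB_B, "rg-data", "db-01-nic"), "db-01-nic", None),    # NULL column: ok
]
SAMPLE_VMS = [
    Vm(_vm_id(SUB_A, "rg-net", "nva-01"), "nva-01", "rg-net", SUB_A, [_nic_id(SUB_A, "rg-net", "nva-01-nic")]),
    # the VM-side reference differs only in case from the NIC's own id
    Vm(_vm_id(SUB_A, "rg-app", "web-01"), "web-01", "rg-app", SUB_A, [_nic_id(SUB_A, "RG-APP", "web-01-nic")]),
    Vm(_vm_id(SUB_B, "rg-data", "db-01"), "db-01", "rg-data", SUB_B, [_nic_id(SUB_B, "rg-data", "db-01-nic")]),
    # references a NIC that no longer exists in inventory
    Vm(_vm_id(SUB_A, "rg-app", "batch-01"), "batch-01", "rg-app", SUB_A, [_nic_id(SUB_A, "rg-app", "deleted-nic")]),
]
SUBSCRIPTION_NAMES = {SUB_A: "Production", SUB_B: "Data Platform"}

if __name__ == "__main__":
    for f in evaluate(SAMPLE_VMS, SAMPLE_NICS, SUBSCRIPTION_NAMES):
        print(f"{f.status:5}  {f.subscription:13}  {f.reason}")
    print(summarize(evaluate(SAMPLE_VMS, SAMPLE_NICS, SUBSCRIPTION_NAMES)))
```

Running the module prints one line per VM/NIC pair followed by the status counts. The NULL-to-'ok' mapping is kept on purpose so the Python agrees with the SQL; if you would rather treat an unknown enable_ip_forwarding value as a finding, that is the `else` branch to change.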