Control: VPC firewall rules should restrict ingress TCP and UDP access from 0.0.0.0/0 and ::/0
Description
This control checks whether any ingress firewall rule allows TCP, UDP or all-protocol traffic from 0.0.0.0/0 or ::/0, which would leave the resources behind it reachable from any address on the Internet.
Usage
Run the control in your terminal:
powerpipe control run gcp_perimeter.control.vpc_firewall_restrict_ingress_tcp_udp_all
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run gcp_perimeter.control.vpc_firewall_restrict_ingress_tcp_udp_all --share
Steampipe Tables
gcp_compute_firewall
SQL
with firewall_tcp_udp as (
  select
    distinct self_link
  from
    gcp_compute_firewall,
    jsonb_array_elements(allowed) as a
  where
    direction = 'INGRESS'
    and (
      source_ranges @> '["0.0.0.0/0"]'
      or source_ranges @> '["::/0"]'
    )
    and (
      a ->> 'IPProtocol' in ('tcp', 'udp', 'all')
    )
)
select
  f.self_link as resource,
  case
    when p.self_link is null then 'ok'
    else 'alarm'
  end as status,
  case
    when p.self_link is null then f.title || ' does not allow TCP/UDP access from 0.0.0.0/0 or ::/0.'
    else f.title || ' allows TCP/UDP access from 0.0.0.0/0 or ::/0.'
  end as reason
  , f.location, f.project
from
  gcp_compute_firewall as f
  left join firewall_tcp_udp as p on p.self_link = f.self_link;
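The query above only says which rows come back as ok or alarm once Steampipe is wired up to a project. The following Python is an added example, not code from the gcp_perimeter mod or from Turbot, that re-implements the same decision over firewall rules in the shape the GCP Compute API returns (the `direction`, `sourceRanges`, `allowed`, `selfLink` and `name` keys, as produced by `gcloud compute firewall-rules list --format=json`). The sample rules are constructed to cover each branch the control distinguishes: an open TCP rule, an IPv6 any-source rule with protocol `all`, an ICMP-only rule, an internal-range rule, an egress rule and a deny rule. The function and variable names are this example's own.

```python
"""Offline re-implementation of the control
gcp_perimeter.control.vpc_firewall_restrict_ingress_tcp_udp_all.

Assumption (not from the original page): rules are dicts in the GCP Compute
API / gcloud JSON shape. SAMPLE_RULES below are constructed for illustration.
"""

# Mirrors the two source_ranges @> checks in the CTE.
UNRESTRICTED_RANGES = {"0.0.0.0/0", "::/0"}
# Mirrors: a ->> 'IPProtocol' in ('tcp', 'udp', 'all').
FLAGGED_PROTOCOLS = {"tcp", "udp", "all"}


def allows_open_tcp_udp(rule):
    """Equivalent of the firewall_tcp_udp CTE for a single rule: True when an
    INGRESS rule has an `allowed` entry for tcp, udp or all and at least one
    source range is 0.0.0.0/0 or ::/0. Only `allowed` is inspected, exactly as
    in the query, so a `denied` rule never matches."""
    if rule.get("direction") != "INGRESS":
        return False
    if not UNRESTRICTED_RANGES & set(rule.get("sourceRanges", [])):
        return False
    # The query compares the protocol string as stored; the API uses lowercase.
    return any(a.get("IPProtocol") in FLAGGED_PROTOCOLS for a in rule.get("allowed", []))


def evaluate(rule):
    """Equivalent of the outer SELECT: resource, status and reason per rule."""
    open_rule = allows_open_tcp_udp(rule)
    title = rule.get("name") or rule.get("selfLink")
    if open_rule:
        reason = f"{title} allows TCP/UDP access from 0.0.0.0/0 or ::/0."
    else:
        reason = f"{title} does not allow TCP/UDP access from 0.0.0.0/0 or ::/0."
    return {
        "resource": rule.get("selfLink"),
        "status": "alarm" if open_rule else "ok",
        "reason": reason,
    }


def _rule(name, **fields):
    # Helper to build constructed sample rules with a plausible selfLink.
    base = {"name": name, "selfLink": f"projects/example/global/firewalls/{name}"}
    base.update(fields)
    return base


# Constructed sample input covering each branch the control distinguishes.
SAMPLE_RULES = [
    _rule("allow-ssh-anywhere", direction="INGRESS", sourceRanges=["0.0.0.0/0"],
          allowed=[{"IPProtocol": "tcp", "ports": ["22"]}]),          # alarm
    _rule("allow-all-v6", direction="INGRESS", sourceRanges=["::/0"],
          allowed=[{"IPProtocol": "all"}]),                           # alarm
    _rule("allow-icmp-anywhere", direction="INGRESS", sourceRanges=["0.0.0.0/0"],
          allowed=[{"IPProtocol": "icmp"}]),                          # ok
    _rule("allow-internal-tcp", direction="INGRESS", sourceRanges=["10.0.0.0/8"],
          allowed=[{"IPProtocol": "tcp"}]),                           # ok
    _rule("egress-all", direction="EGRESS", destinationRanges=["0.0.0.0/0"],
          allowed=[{"IPProtocol": "all"}]),                           # ok (not ingress)
    _rule("deny-all-ingress", direction="INGRESS", sourceRanges=["0.0.0.0/0"],
          denied=[{"IPProtocol": "all"}]),                            # ok (no `allowed`)
]


def run_control(rules=SAMPLE_RULES):
    """One result row per rule, like the LEFT JOIN in the query."""
    return [evaluate(r) for r in rules]


def alarmed_names(rules=SAMPLE_RULES):
    """Names of the rules the control would flag."""
    return sorted(r["name"] for r in rules if allows_open_tcp_udp(r))


if __name__ == "__main__":
    for row in run_control():
        print(f"{row['status']:5}  {row['reason']}")
```

Two behaviours of the control are worth noting when reading the results: a rule is flagged only when a source range is literally 0.0.0.0/0 or ::/0 (the `@>` containment check), and only entries under `allowed` are examined, so deny rules and egress rules always evaluate to ok regardless of their ranges.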