Pattern: An outbound firewall rule allows traffic to /0
Issue: -
Network security rules should not use very broad subnets.
Where possible, segments should be broken into smaller subnets and avoid using the /0 subnet.
Resolution: Set a more restrictive cidr range.
Example of incorrect code:
resource "google_compute_firewall" "bad_example" {
destination_ranges = ["0.0.0.0/0"]
}Example of correct code:
resource "google_compute_firewall" "good_example" {
destination_ranges = ["1.2.3.4/32"]
}