Rule to warn on ipProtocol -1 #37

Closed
twellspring opened this issue Aug 13, 2019 · 1 comment
twellspring commented Aug 13, 2019

See stelligent/cfn_nag#273

Setting IpProtocol: '-1' can produce unexpected results. Per the docs, when -1 is used, ToPort and FromPort are essentially ignored and access is granted on all ports from all protocols.

Terraform documentation shows a similar use of -1
https://www.terraform.io/docs/providers/aws/r/security_group.html

michae1ho11ey added a commit that referenced this issue Aug 15, 2019
Fix rule operator to limit false positive
Switch cindr_block to string for sg_all_protocols
Fix spelling errors in all_protocols rules
Update test file to use correctly spelled test name
@kmonihen

SG_EGRESS_ALL_PROTOCOLS and SG_INGRESS_ALL_PROTOCOLS cover this.
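
The check discussed in this thread, as an added example that is not part of the original issue and not the project's own rule code: it flags rules whose protocol is `-1` (given as a string or a number) and marks the ones whose declared ports suggest a narrower scope than is actually granted. The function names and the sample security group are constructed; the attribute names follow Terraform's `aws_security_group` blocks.

```python
ALL_PROTOCOLS = "-1"

# Constructed sample: an aws_security_group resource parsed into a dict.
SAMPLE_SG = {
    "name": "web",
    "ingress": [
        {"protocol": "tcp", "from_port": 443, "to_port": 443,
         "cidr_blocks": ["0.0.0.0/0"]},
        # Looks like "443 only", but -1 means the ports are ignored.
        {"protocol": "-1", "from_port": 443, "to_port": 443,
         "cidr_blocks": ["10.0.0.0/8"]},
    ],
    "egress": [
        # Protocol given as a number rather than a string.
        {"protocol": -1, "from_port": 0, "to_port": 0,
         "cidr_blocks": ["0.0.0.0/0"]},
    ],
}


def is_all_protocols(rule):
    """True when the rule's protocol is -1, as a string or a number."""
    return str(rule.get("protocol", "")).strip() == ALL_PROTOCOLS


def find_all_protocol_rules(sg):
    """Return one finding per ingress/egress rule that uses protocol -1."""
    findings = []
    for direction in ("ingress", "egress"):
        for index, rule in enumerate(sg.get(direction, [])):
            if not is_all_protocols(rule):
                continue
            declared = (rule.get("from_port"), rule.get("to_port"))
            findings.append({
                "rule_id": f"SG_{direction.upper()}_ALL_PROTOCOLS",
                "security_group": sg.get("name"),
                "index": index,
                "declared_ports": declared,
                # Ports are ignored with -1, so any range other than 0/0
                # misstates what the rule really allows.
                "ports_misleading": declared != (0, 0),
                "cidr_blocks": rule.get("cidr_blocks", []),
            })
    return findings


if __name__ == "__main__":
    for finding in find_all_protocol_rules(SAMPLE_SG):
        print(finding)
```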
