Open access allowed in firewall inbound rule

Severity	Exploitability	Providers	Categories
CRITICAL	HIGH	DigitalOcean	NETWORK

Description

Firewall ingress filtering dictates allowed traffic initiated outside the local network and destined for a local network. It is considered the first line of defense in a network security strategy.

By allowing traffic from /0. all incoming traffic are authorized. This includes unauthorized, suspicious and harmful traffic.

In general, it is good practice to avoid very broad network subnet in firewall rules.

Impact

Potential data exposure	Visible in logs	User interaction required	Privileges required
True	True	False	False

Suspicious traffic not filtered.
Unauthorized instance access.
Distributed Denial of Service (DDoS) attacks vulnerability.

Remediation guidelines

Define a more restrictive firewall ingress rule. A log review may be relevant to find any unwanted connection.

References

DigitalOcean - How to configure Firewall Rules

Open access allowed in firewall inbound rule

Description

Impact

Remediation guidelines

References

Was this page helpful?

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

Open access allowed in firewall inbound rule

Description​

Impact​

Remediation guidelines​

References​

Was this page helpful?

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

Subscribe to our newsletter

Description

Impact

Remediation guidelines

References