Solid-Potential / solid-egress-filter

Solid Egress Filter - traffic filtering NAT your network deserves
GNU General Public License v3.0
cloud egress-filter gcp google-cloud-platform mitmproxy networking solid-potential

Solid Egress Filter - Terraform Modules

Terraform modules that make egress filtering in the cloud easy. The design was loosely inspired by this article on the AWS Security Blog.

It's especially useful for systems that value data security. Egress filtering mitigates a wide range of attack vectors, such as reverse shells.

:warning: Pre-Release warning :warning:

This codebase is currently under early-stage development. It is not yet tested, contains hardcoded values and only works for specific use cases.

If you find this module useful, show us some love by leaving a star, and consider contributing.

How it works

The module reconfigures the VPC routing so that all egress traffic is redirected to a MITM proxy (mitmproxy) running in transparent mode. This avoids any client-side configuration and ensures that all egress traffic is compliant with the policy by default.

The proxy acts as the NAT gateway for the VPC and, via network tags and firewall rules, is the only instance permitted to reach the Internet.
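The enforcement side of that design, as an added example that is not code from the solid-egress-filter repository: a default-deny egress allowlist written as a mitmproxy addon. Rule patterns, ports and the sample flows are constructed for illustration; the addon hook assumes a recent mitmproxy (the `request` event, `flow.request.pretty_host` and `http.Response.make`), while the policy core itself runs without mitmproxy installed.

```python
"""Default-deny egress allowlist for a transparent mitmproxy NAT hop.

Added example, not part of the solid-egress-filter project. All host names,
ports and sample flows below are constructed.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field

try:  # only needed when loaded as an addon: mitmproxy -s egress_filter.py
    from mitmproxy import http
except ImportError:  # pure-Python policy evaluation still works without it
    http = None


@dataclass(frozen=True)
class Rule:
    """One allowlist entry: an exact host or a '*.suffix' wildcard, plus permitted ports."""
    pattern: str
    ports: frozenset[int] = frozenset({443})

    def matches(self, host: str, port: int) -> bool:
        if port not in self.ports:
            return False
        if self.pattern.startswith("*."):
            # Wildcard covers subdomains only; the bare apex needs its own rule.
            return host.endswith(self.pattern[1:])
        return host == self.pattern


def _is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


@dataclass
class EgressPolicy:
    rules: list[Rule] = field(default_factory=list)

    @staticmethod
    def normalize(host: str) -> str:
        # Lower-case and drop a trailing dot so "API.Example.COM." equals "api.example.com".
        return host.strip().lower().rstrip(".")

    def decide(self, host: str, port: int) -> tuple[bool, str]:
        """Return (allowed, reason). Anything not explicitly allowlisted is denied."""
        host = self.normalize(host)
        if not host:
            return False, "empty host"
        for rule in self.rules:
            if rule.matches(host, port):
                return True, f"allowed by {rule.pattern}"
        if _is_ip_literal(host):
            # Connecting by raw IP sidesteps name-based rules; deny unless listed verbatim.
            return False, "raw IP destination not in allowlist"
        return False, "host not in allowlist"


class EgressFilterAddon:
    """mitmproxy addon: answer 403 to any flow the policy does not allow."""

    def __init__(self, policy: EgressPolicy) -> None:
        self.policy = policy

    def request(self, flow) -> None:
        # In transparent mode pretty_host is the SNI/Host value and port the original destination.
        allowed, reason = self.policy.decide(flow.request.pretty_host, flow.request.port)
        if not allowed:
            flow.response = http.Response.make(
                403, b"egress blocked by policy\n", {"Content-Type": "text/plain"}
            )
            # Denied flows are the detection signal worth shipping to the SIEM.
            print(f"DENY {flow.client_conn.peername} -> "
                  f"{flow.request.pretty_host}:{flow.request.port} ({reason})")


# Constructed policy: GCP APIs over TLS plus one package mirror over HTTP and HTTPS.
DEFAULT_POLICY = EgressPolicy([
    Rule("*.googleapis.com"),
    Rule("packages.example-distro.org", frozenset({80, 443})),
])

# Constructed sample flows as the proxy would see them: (host, destination port).
SAMPLE_FLOWS = [
    ("storage.googleapis.com", 443),
    ("googleapis.com", 443),            # apex is not covered by the wildcard
    ("packages.example-distro.org", 80),
    ("unlisted-host.example", 4444),    # no rule -> denied by default
    ("203.0.113.10", 443),              # raw IP -> denied
    ("STORAGE.GoogleAPIs.com.", 443),   # normalised before matching
]


def evaluate(policy: EgressPolicy, flows) -> dict[str, bool]:
    """Map 'host:port' to the policy's allow/deny decision."""
    return {f"{host}:{port}": policy.decide(host, port)[0] for host, port in flows}


addons = [EgressFilterAddon(DEFAULT_POLICY)]

if __name__ == "__main__":
    for key, allowed in evaluate(DEFAULT_POLICY, SAMPLE_FLOWS).items():
        print("ALLOW" if allowed else "DENY ", key)
```

The policy is deliberately positive-only: there is no deny list to maintain, and a destination that nobody has explicitly approved is refused, which is what makes the "compliant by default" property hold once routing forces all egress through the proxy.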

TODO: abstract architecture diagram

Usage

GCP example:

module "egress_filter" {
  source   = "TODO"
  variable = "TODO"
}

Supported Cloud Providers

Code style, code analysis and documentation

The code style guide can be found here.

For static code analysis we use tfsec, a static analysis tool for Terraform code that spots potential misconfigurations.

Module documentation is generated with tfdoc. Be sure to follow our code conventions!

Contribution

We appreciate feedback and contributions to this template! Before you get started, please see the following:

Licence

This repo is covered under the GNU General Public License
