Host-based firewall settings

[jaysonmc]

Security requirement:

"Where feasible, implement a host- based firewall that enforces a deny all/allow by exception policy."

• Detailed comment in this issue
• Reference to documentation
• An issue or PR that addresses this issue

[gabrielcossette]

Nothing specifically about firewalls but still good draft guidance (internal): https://www.gcpedia.gc.ca/wiki/File:Guidance_for_Secure_Containers_and_Microservices.pdf

[jaysonmc]

Im not sure this is the most useful control in a cloud setting any who, so if you've done enough reading to satisfy you and can't find anything that directly addresses this, we can just close it

Depending how one defines "host", this is default functionality using the large cloud vendors any who, so we can say...

Reference architecture document. NSG is leveraged, therefore firewalls settings are in place.