last sync: 2021-Sep-22 19:36:51 UTC

Azure Policy definition

Network interfaces should disable IP forwarding

Name Network interfaces should disable IP forwarding
Id 88c0b9da-ce96-4b03-9635-f29a937e2900
Version 1.0.0
Category Network
Description This policy denies the network interfaces which enabled IP forwarding. The setting of IP forwarding disables Azure's check of the source and destination for a network interface. This should be reviewed by the network security team.
Mode Indexed
Type BuiltIn
Preview FALSE
Deprecated FALSE
Effect Fixed: deny
Used RBAC Role none
History none
Used in Initiatives
Initiative DisplayName | Initiative Id | Initiative Category | State
[Preview]: Motion Picture Association of America (MPAA) | 92646f03-e39d-47a9-9e24-58d60ef49af8 | Regulatory Compliance | Preview
JSON
{
  "displayName": "Network interfaces should disable IP forwarding",
  "policyType": "BuiltIn",
  "mode": "Indexed",
  "description": "This policy denies the network interfaces which enabled IP forwarding. The setting of IP forwarding disables Azure's check of the source and destination for a network interface. This should be reviewed by the network security team.",
  "metadata": {
    "version": "1.0.0",
    "category": "Network"
  },
  "parameters": {},
  "policyRule": {
    "if": {
      "allOf": [
        {
          "field": "type",
          "equals": "Microsoft.Network/networkInterfaces"
        },
        {
          "field": "Microsoft.Network/networkInterfaces/enableIpForwarding",
          "equals": "true"
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
  }
}