NAT Gateway Risk Ports Check
ID: rule:aliyun:nat-risk-ports-check
Severity: high
Description
To prevent security vulnerabilities, NAT gateway DNAT mappings should not expose risky ports to the internet.
Reason for Violation
Exposing risky ports through DNAT can lead to security vulnerabilities and potential attacks.
Recommendation
Avoid mapping well-known risky ports (e.g., 22, 3389, 445) through DNAT.
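One way to audit DNAT entries against this recommendation is sketched below. It is an added example, not the rule's own implementation. The entry field names (ForwardEntryId, ExternalPort, InternalPort), the "low/high" range syntax, the "Any" wildcard, and the choice to flag both the external and internal side are assumptions about the input, and the sample entries are constructed.

```python
# Added example: audits DNAT entries for the risky ports named in the Recommendation.
RISKY_PORTS = {22, 3389, 445}

def port_span(spec):
    """Return (low, high) for a port spec such as "22", "20/25", "20-25" or "Any"."""
    text = str(spec).strip()
    if text.lower() == "any":          # assumed wildcard: every port is mapped
        return 1, 65535
    parts = text.replace("-", "/").split("/")
    low, high = int(parts[0]), int(parts[-1])
    if not (1 <= low <= high <= 65535):
        raise ValueError(f"invalid port spec: {spec!r}")
    return low, high

def risky_ports_in(spec):
    """List the risky ports covered by a single port or a port range."""
    low, high = port_span(spec)
    return sorted(p for p in RISKY_PORTS if low <= p <= high)

def check_dnat_entries(entries):
    """Return one finding per entry side (external/internal) that covers a risky port.

    The internal side is checked too, so SSH published on external port 2222
    is still reported.
    """
    findings = []
    for entry in entries:
        for side in ("ExternalPort", "InternalPort"):
            hits = risky_ports_in(entry[side])
            if hits:
                findings.append({"id": entry["ForwardEntryId"], "side": side, "ports": hits})
    return findings

# Constructed sample DNAT entries (hypothetical IDs and values).
SAMPLE_ENTRIES = [
    {"ForwardEntryId": "fwd-constructed-1", "ExternalPort": "22", "InternalPort": "22"},
    {"ForwardEntryId": "fwd-constructed-2", "ExternalPort": "443", "InternalPort": "8443"},
    {"ForwardEntryId": "fwd-constructed-3", "ExternalPort": "3380/3400", "InternalPort": "3380/3400"},
    {"ForwardEntryId": "fwd-constructed-4", "ExternalPort": "2222", "InternalPort": "22"},
    {"ForwardEntryId": "fwd-constructed-5", "ExternalPort": "Any", "InternalPort": "Any"},
]

if __name__ == "__main__":
    for finding in check_dnat_entries(SAMPLE_ENTRIES):
        print(finding)
```

Range and wildcard mappings are the cases a plain equality check on the port string would miss.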
Resource Types
ALIYUN::NAT::NatGateway