[REVIEW] firewall-review: add NAT egress attribution gates
Skill Being Reviewed
Skill name: firewall-review
Skill path: skills/network/firewall-review/
False Positive Analysis
Shared NAT egress is acceptable when flow logs, workload identity, subnet ownership, and proxy logs can attribute traffic to the source workload.
Coverage Gaps
Firewall reviews often verify that egress is allowed to the right destinations but miss attribution. When many workloads share one NAT IP, a risky outbound connection seen by the destination (or by a third party's logs) cannot be traced to the service that made it, which weakens incident response and makes it hard to prune rules that no workload still needs.
Edge Cases
- Serverless workloads egress through a provider-managed shared NAT, so the reviewer may have no private source address or subnet to attribute from.
- Kubernetes pods egress through the node IP, so host-level flow logs identify the node but not the pod or service account.
- Third-party allowlists require a stable NAT IP, which forces many workloads behind one address and reduces attribution to that address alone.
Remediation Quality
- Add evidence fields to each egress rule: NAT gateway, source subnet/workload, flow log source, proxy log source, owner, and log retention.
- Require per-workload attribution (not just subnet or node level) for high-risk egress.
- Flag allowlist entries whose only identifying evidence is a shared public IP.
Comparison to Other Tools
Cloud flow logs record source and destination IPs (typically the private source address before NAT), which map only to a subnet or host; service mesh or egress proxy logs can add workload identity on top of that.
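The gate the remediation items above describe, written out as an added example (it is not code from the firewall-review skill): an allowlist entry names only a shared NAT IP, and the check walks a connection observed from that IP back through flow logs to private sources, enriches each source with subnet ownership and, where proxy or mesh logs exist, workload identity, then emits findings for missing evidence fields, short retention, no attribution path, and high-risk egress that is attributable only at subnet level (the Kubernetes node-IP edge case). All subnets, IPs, log records, the SPIFFE-style workload name and the 90-day retention floor are constructed for the example.

```python
"""NAT egress attribution gate (added example; constructed data throughout)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

MIN_RETENTION_DAYS = 90  # assumed policy floor, not a value from the review

# Subnet ownership map (constructed).
SUBNET_OWNERS = {"10.0.1.0/24": "payments-team", "10.0.2.0/24": "platform-eks-nodes"}

# Cloud flow-log style records: private source before NAT (constructed).
FLOW_LOGS = [
    {"src": "10.0.1.15", "dst": "203.0.113.10", "dport": 443, "ts": 1700000000},
    {"src": "10.0.2.7", "dst": "203.0.113.10", "dport": 443, "ts": 1700000012},
    {"src": "10.0.2.7", "dst": "198.51.100.4", "dport": 443, "ts": 1700000030},
]
# Egress proxy / service-mesh records carrying workload identity (constructed).
PROXY_LOGS = [
    {"src": "10.0.1.15", "dst": "203.0.113.10", "ts": 1700000000,
     "workload": "spiffe://example.org/ns/payments/sa/api"},
]


@dataclass
class EgressRule:
    """One allowlist entry plus the evidence fields the review asks for."""
    rule_id: str
    destination: str
    nat_ip: str
    high_risk: bool
    nat_gateway: Optional[str] = None
    owner: Optional[str] = None
    flow_logs: bool = False
    proxy_logs: bool = False
    retention_days: int = 0


@dataclass
class Attribution:
    src: str
    subnet_owner: Optional[str]
    workload: Optional[str]

    def level(self) -> str:
        return "workload" if self.workload else "subnet" if self.subnet_owner else "none"


def subnet_owner(ip: str) -> Optional[str]:
    addr = ip_address(ip)
    return next((o for c, o in SUBNET_OWNERS.items() if addr in ip_network(c)), None)


def attribute(rule: EgressRule, dport: int, ts: int, window: int = 60) -> List[Attribution]:
    """The third party sees only (rule.nat_ip, rule.destination, ts). Find the private
    sources that hit that destination inside the time window, then enrich each one."""
    found = []
    if not rule.flow_logs:
        return found
    for f in FLOW_LOGS:
        if f["dst"] != rule.destination or f["dport"] != dport or abs(f["ts"] - ts) > window:
            continue
        workload = None
        if rule.proxy_logs:
            workload = next((p["workload"] for p in PROXY_LOGS
                             if p["src"] == f["src"] and p["dst"] == f["dst"]
                             and abs(p["ts"] - ts) <= window), None)
        found.append(Attribution(f["src"], subnet_owner(f["src"]), workload))
    return found


def gate(rule: EgressRule, dport: int, ts: int, window: int = 60) -> List[str]:
    """Return review findings for one allowlist entry; an empty list means it passes."""
    findings = []
    missing = [n for n in ("nat_gateway", "owner", "flow_logs") if not getattr(rule, n)]
    if missing:
        findings.append(f"{rule.rule_id}: missing evidence: {', '.join(missing)}")
    if rule.retention_days < MIN_RETENTION_DAYS:
        findings.append(f"{rule.rule_id}: retention {rule.retention_days}d below {MIN_RETENTION_DAYS}d")
    sources = attribute(rule, dport, ts, window)
    if not sources:
        findings.append(f"{rule.rule_id}: shared NAT IP {rule.nat_ip} cannot be attributed to any source")
    elif rule.high_risk:
        # Per-workload attribution is required; subnet/node level is not enough here.
        for s in sources:
            if s.level() != "workload":
                findings.append(f"{rule.rule_id}: high-risk egress from {s.src} attributable "
                                f"only at {s.level()} level ({s.subnet_owner})")
    return findings


if __name__ == "__main__":
    rule = EgressRule("payments-egress", "203.0.113.10", "198.51.100.200", high_risk=True,
                      nat_gateway="nat-gw-a", owner="payments-team",
                      flow_logs=True, proxy_logs=True, retention_days=180)
    for line in gate(rule, 443, 1700000005):
        print(line)
```

Run against the constructed data, the payments rule passes for the pod that the proxy log identifies but still yields one finding for 10.0.2.7, which flow logs can only place in the EKS node subnet; that is exactly the gap the node-IP edge case describes, and the fix is a proxy or mesh log source for that subnet rather than a broader rule.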
Overall Assessment
Add NAT attribution gates so that a firewall review checks not only whether egress is allowed but whether each allowed flow can be traced to a workload, which is what investigation and least-privilege cleanup both depend on.
Bounty Info
See CONTRIBUTING.md for bounty terms.