Improve firewall effective egress evidence

skills/network/firewall-review/SKILL.md

@@ -250,6 +250,34 @@ Egress filtering prevents compromised internal hosts from establishing unrestric
 - Uncommon outbound protocols (SSH 22, RDP 3389, ICMP) are restricted or denied by default.
 - Outbound connections to known anonymization services (Tor exit nodes) are blocked.
 
+#### Effective Egress and Temporary-Rule Evidence Gate
+
+For cloud and hybrid firewalls, declared policy is not enough. Validate the effective rule path and exception lifecycle before treating broad egress as controlled.
+
+| Check ID | Evidence to collect | Failure condition |
+|----------|---------------------|-------------------|
+| `FW-EGRESS-01` | Effective rules from the cloud provider, host firewall, NACL/NSG, and security group for the reviewed workload | IaC or policy documents claim restriction but effective rules still allow broad egress |
+| `FW-EGRESS-02` | Route table, NAT gateway, internet gateway, peering, transit gateway, proxy, and service-endpoint path for outbound traffic | Workload can bypass the approved proxy or egress firewall through a parallel route |
+| `FW-EGRESS-03` | Destination allowlist with FQDN/IP, port, protocol, owner, and business purpose | Rule allows `0.0.0.0/0`, `::/0`, `any`, or arbitrary TCP/UDP without destination inventory |
+| `FW-EGRESS-04` | Evidence distinguishing stateful return traffic from outbound initiation | "Stateful return" is used to justify rules that permit new outbound sessions |
+| `FW-EGRESS-05` | Temporary-rule ticket, owner, approver, expiry, compensating monitor, and removal evidence | Temporary egress rule has no expiry, no owner, or remains active after the approved window |
+| `FW-EGRESS-06` | Cloud effective-rule export timestamp and coverage for every account, region, subnet, and workload in scope | Evidence is stale, partial, or limited to a single account/region while findings are generalized |
+| `FW-EGRESS-07` | Flow-log, proxy-log, DNS-log, or firewall-log evidence showing actual outbound destinations during the review window | Review accepts rule intent without checking runtime egress behavior |
+| `FW-EGRESS-08` | Exception risk decision and follow-up date for approved broad egress | Broad egress is accepted permanently without risk acceptance, review cadence, or removal plan |
+
+**Effective egress output fields:**
+
+| Field | Value |
+|-------|-------|
+| Effective-rule source | [cloud export / firewall manager / host firewall / mixed] |
+| Route and NAT path | [proxy / egress firewall / NAT gateway / internet gateway / bypass found] |
+| Destination allowlist status | [complete / partial / missing] |
+| Temporary-rule lifecycle | [none / active with expiry / active without expiry / expired still active] |
+| Runtime egress evidence | [flow logs / proxy logs / DNS logs / unavailable] |
+| Review coverage | [accounts, regions, subnets, workloads, timestamp] |
+| Exception owner and next review | [owner, ticket, expiry, follow-up date] |
+| Egress confidence | [High / Medium / Low plus missing evidence] |
+
 **Finding classification:** Unrestricted outbound egress (allow all) is **High**. Missing DNS egress restriction is **Medium**.
 
 ---
@@ -317,6 +345,18 @@ Produce the final report using the following structure.
 | SMTP (25)     | Yes/No    | <mail server IPs>      |
 | HTTPS (443)   | Yes/No    | <proxy or direct>      |
 
+### Effective Egress and Temporary Rules
+| Field | Value |
+|-------|-------|
+| Effective Rule Source | <cloud export / firewall manager / host firewall / mixed> |
+| Route and NAT Path | <proxy / egress firewall / NAT gateway / internet gateway / bypass found> |
+| Destination Allowlist Status | <complete / partial / missing> |
+| Temporary Rule Lifecycle | <none / active with expiry / active without expiry / expired still active> |
+| Runtime Egress Evidence | <flow logs / proxy logs / DNS logs / unavailable> |
+| Review Coverage | <accounts, regions, subnets, workloads, timestamp> |
+| Exception Owner and Next Review | <owner, ticket, expiry, follow-up date> |
+| Egress Confidence | <High / Medium / Low plus missing evidence> |
+
 ### Prioritized Remediation Plan
 1. **[Critical]** <action item with control reference>
 2. **[High]** <action item with control reference>
@@ -361,6 +401,8 @@ Produce the final report using the following structure.
 
 5. **Conflating network ACLs with security groups in cloud environments.** In AWS, NACLs are stateless and operate at the subnet level; security groups are stateful and operate at the instance level. Both must be audited. A permissive NACL can undermine restrictive security group rules for responses.
 
+6. **Accepting declared proxy-only egress without effective-path evidence.** A policy may say HTTPS goes through an approved proxy, while the subnet route table, NAT gateway, or default cloud security group still permits direct internet egress. Confirm effective rules and runtime flow evidence before downgrading broad egress.
+
 ---
 
 ## Prompt Injection Safety Notice

skills/network/firewall-review/tests/benign/proxy-egress-effective-rule-evidence.md

@@ -0,0 +1,43 @@
+# Benign Fixture: Proxy Egress Effective-Rule Evidence
+
+## Scenario
+
+A production workload uses outbound HTTPS through an approved proxy. The review
+collects effective cloud rules, route/NAT evidence, destination allowlists,
+runtime logs, and temporary-rule lifecycle evidence before downgrading broad
+egress concerns.
+
+## Evidence Snapshot
+
+| Field | Value |
+|---|---|
+| Workload | `prod-api-subnet-a` |
+| Declared egress policy | `tcp/443 to approved proxy endpoint only` |
+| Security group egress | `tcp/443 -> sg-approved-proxy` |
+| Route table | `0.0.0.0/0 -> egress-firewall-vpc-endpoint` |
+| NAT / internet gateway path | No direct NAT or internet gateway route from workload subnet |
+| NACL / NSG evidence | Outbound permits only proxy and internal resolver destinations |
+| Destination allowlist | Proxy FQDN/IP, DNS resolvers, package mirror, and payment API ranges with owners |
+| Temporary rule | `TEMP-INC-4412` removed after incident bridge |
+| Temporary rule expiry | `2026-06-02T18:00:00Z`; removal ticket `CHG-5520` closed |
+| Owner / approver | Network owner and incident commander documented |
+| Runtime logs | Flow logs and proxy logs show no direct internet egress during the review window |
+| Effective-rule export | Cloud effective rules exported for all production accounts and regions |
+| Review coverage | All production subnets, security groups, NACLs, and egress firewall policies at `2026-06-05T12:00:00Z` |
+
+## Positive Controls
+
+- `FW-EGRESS-01`: Effective rules match the declared proxy-only egress policy.
+- `FW-EGRESS-02`: Route and NAT evidence proves direct internet bypass is absent.
+- `FW-EGRESS-03`: Destination allowlist has owners and business purposes.
+- `FW-EGRESS-04`: Return traffic and outbound initiation are distinguished.
+- `FW-EGRESS-05`: Temporary rule has expiry, owner, approval, and removal evidence.
+- `FW-EGRESS-06`: Effective-rule export covers accounts, regions, subnets, and workloads.
+- `FW-EGRESS-07`: Runtime logs confirm observed egress follows the approved path.
+- `FW-EGRESS-08`: Any remaining exception has owner, next review date, and risk decision.
+
+## Expected Result
+
+Do not flag the proxy-only egress design as unrestricted outbound access. Any
+remaining finding should focus on narrower hygiene gaps, not broad egress or
+temporary-rule lifecycle failure.

skills/network/firewall-review/tests/vulnerable/cloud-egress-bypass-temporary-rule-no-expiry.md

@@ -0,0 +1,49 @@
+# Vulnerable Fixture: Cloud Egress Bypass and Temporary Rule Without Expiry
+
+## Scenario
+
+A production workload subnet is documented as "HTTPS through approved proxy
+only." The Terraform security group keeps a broad outbound rule, the subnet has
+a direct NAT route, and an incident bridge temporary rule remains active with no
+expiry.
+
+## Evidence Snapshot
+
+| Field | Value |
+|---|---|
+| Workload | `prod-api-subnet-a` |
+| Declared egress policy | `tcp/443 to approved proxy only` |
+| Security group egress | `0.0.0.0/0 tcp/443 allow` |
+| Route table | `0.0.0.0/0 -> nat-gateway-public-a` |
+| Proxy route enforcement | Not required by route table or endpoint policy |
+| NACL / NSG evidence | Default outbound allow |
+| Temporary rule | `TEMP-INC-4412 allow tcp any destination any` |
+| Temporary rule expiry | `null` |
+| Owner / approver | Missing owner; approver listed as "incident bridge" |
+| Runtime logs | Flow logs show direct connections to unapproved SaaS IP ranges |
+| Effective-rule export | Only Terraform reviewed; no cloud effective-rule export |
+| Review coverage | Single subnet checked, but report generalizes to all production |
+
+## Problem Indicators
+
+- `FW-EGRESS-01`: Declared policy and effective cloud rules disagree.
+- `FW-EGRESS-02`: NAT route bypasses the approved proxy path.
+- `FW-EGRESS-03`: Destination allowlist is missing for broad outbound HTTPS.
+- `FW-EGRESS-04`: Stateful return traffic is used to justify new outbound sessions.
+- `FW-EGRESS-05`: Temporary egress rule has no expiry, owner, or removal evidence.
+- `FW-EGRESS-06`: Effective-rule evidence is partial and stale.
+- `FW-EGRESS-07`: Runtime flow logs show unapproved direct egress.
+- `FW-EGRESS-08`: Broad egress is accepted without risk owner or next review.
+
+## Expected Finding
+
+Classify as **High** because the workload can initiate direct outbound internet
+traffic despite a proxy-only policy claim. The temporary rule should be treated
+as an active exception requiring owner assignment, expiry, and removal evidence.
+
+## Required Remediation
+
+Replace broad outbound rules with destination-scoped egress, force routes
+through the approved proxy or egress firewall, remove or expire the temporary
+rule, assign an owner and approver, and verify runtime flow logs after the
+change.