Built-in Structural Rules
These 15 rules are always active regardless of framework toggles. They detect structural issues with the flow definition itself: overly broad addresses, dangerous port ranges, protocol misconfigurations, special addresses, and input warnings.
| Rule ID | Severity | Category | Summary |
|---|---|---|---|
| BUILTIN-SRC-ANY | CRITICAL | Source Identity | Source is any IP (0.0.0.0/0) |
| BUILTIN-SRC-PUBLIC | HIGH | Source Identity | Source is a public IP address |
| BUILTIN-SRC-BROAD | HIGH | Source Breadth | Source subnet is overly broad |
| BUILTIN-DST-ANY | CRITICAL | Destination Identity | Destination is any IP (0.0.0.0/0) |
| BUILTIN-DST-PUBLIC | HIGH | Destination Identity | Destination is a public IP address |
| BUILTIN-DST-BROAD | HIGH | Destination Breadth | Destination subnet is overly broad |
| BUILTIN-PORT-BROAD | CRITICAL | Port Breadth | Port range is overly broad or covers all ports |
| BUILTIN-PROTO-ANY | MEDIUM | Protocol | Protocol set to Any |
| BUILTIN-SAME-IP | INFO | Routing Anomaly | Source and destination are the same IP |
| BUILTIN-LOOPBACK | MEDIUM | Special Address | Loopback address (127.x.x.x) detected |
| BUILTIN-LINKLOCAL | MEDIUM | Special Address | Link-local address (169.254.x.x) detected |
| BUILTIN-MULTICAST | MEDIUM | Special Address | Multicast address (224-239.x.x.x) detected |
| BUILTIN-BROADCAST | LOW | Special Address | Possible broadcast address (.255) detected |
| BUILTIN-SRC-HOSTBITS | LOW | Input Warning | Source has host bits set in CIDR |
| BUILTIN-DST-HOSTBITS | LOW | Input Warning | Destination has host bits set in CIDR |
These rules can be individually disabled in the Rules tab.
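
The address-based rules in the table can be reproduced with Python's `ipaddress` module, which is useful for pre-checking flow definitions before they are submitted. This is an added example, not the tool's own implementation: the function names, the reading of "public" as globally routable, and reporting every matching rule at once are assumptions. The BROAD, PORT and PROTO rules are omitted because the page does not state their thresholds.

```python
import ipaddress

def endpoint_findings(role, text):
    """Rule IDs for one endpoint. role is 'SRC' or 'DST'; text is an IPv4 address or CIDR."""
    iface = ipaddress.IPv4Interface(text)      # keeps the address exactly as typed
    addr, net = iface.ip, iface.network        # net has the host bits cleared
    if net.prefixlen == 0:
        return [f"BUILTIN-{role}-ANY"]         # a /0 covers every address
    found = []
    if addr != net.network_address:
        found.append(f"BUILTIN-{role}-HOSTBITS")   # e.g. 10.1.2.3/24
    if addr.is_loopback:                       # 127.0.0.0/8
        found.append("BUILTIN-LOOPBACK")
    if addr.is_link_local:                     # 169.254.0.0/16
        found.append("BUILTIN-LINKLOCAL")
    if addr.is_multicast:                      # 224.0.0.0/4
        found.append("BUILTIN-MULTICAST")
    elif addr.is_global:
        # Assumption: "public" means globally routable per the ipaddress module.
        found.append(f"BUILTIN-{role}-PUBLIC")
    if int(addr) & 0xFF == 0xFF:               # last octet is .255
        found.append("BUILTIN-BROADCAST")
    return found

def flow_findings(src, dst):
    """Rule IDs for a whole flow, de-duplicated, in the order they were found."""
    found = endpoint_findings("SRC", src) + endpoint_findings("DST", dst)
    if ipaddress.IPv4Interface(src) == ipaddress.IPv4Interface(dst):
        found.append("BUILTIN-SAME-IP")
    return list(dict.fromkeys(found))

# Constructed sample flows (source, destination), not taken from the page.
SAMPLE_FLOWS = [
    ("0.0.0.0/0", "10.1.2.3/24"),
    ("8.8.8.8", "192.168.1.255"),
    ("127.0.0.1", "127.0.0.1"),
    ("169.254.10.20", "224.0.0.5"),
]

if __name__ == "__main__":
    for src, dst in SAMPLE_FLOWS:
        print(f"{src} -> {dst}: {flow_findings(src, dst)}")
```
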