An inbound firewall rule allows traffic from /0 TF-GCP003

Firewall source IPs must be restrictive. Specifying a non restrictive IP range allows your infrastructure to send traffic to unauthorized IP ranges. Specify a restrictive source IP range in the source_ranges attribute. Refer https://cloud.google.com/vpc/docs/using-firewalls for an overview.