Class CfnRuleGroup.HeaderProperty
The 5-tuple criteria for AWS Network Firewall to use to inspect packet headers in stateful traffic flow inspection.
Inheritance
Implements
Namespace: Amazon.CDK.AWS.NetworkFirewall
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class HeaderProperty : Object, CfnRuleGroup.IHeaderProperty
Syntax (vb)
Public Class HeaderProperty
Inherits Object
Implements CfnRuleGroup.IHeaderProperty
Remarks
Traffic flows that match the criteria are a match for the corresponding stateful rule.
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.NetworkFirewall;

// HeaderProperty is nested in CfnRuleGroup, so the type name must be qualified.
var headerProperty = new CfnRuleGroup.HeaderProperty {
    Destination = "destination",
    DestinationPort = "destinationPort",
    Direction = "direction",
    Protocol = "protocol",
    Source = "source",
    SourcePort = "sourcePort"
};
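The following is an added example, not part of the generated documentation. It fills the 5-tuple with concrete values in the syntax the property remarks describe and places the header inside a stateful rule of a rule group. The stack name, rule group name, capacity, DROP action, sid value and the 10.0.0.0/16 source range are assumptions chosen for illustration.

```csharp
using Amazon.CDK;
using Amazon.CDK.AWS.NetworkFirewall;
using Constructs;

public class EgressRuleGroupStack : Stack
{
    public EgressRuleGroupStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        // 5-tuple: TCP from the assumed VPC range to any destination, ports 1990-1994.
        var header = new CfnRuleGroup.HeaderProperty
        {
            Protocol = "TCP",
            Source = "10.0.0.0/16",        // constructed sample CIDR
            SourcePort = "ANY",
            Direction = "FORWARD",         // source -> destination only, not the reverse
            Destination = "ANY",
            DestinationPort = "1990:1994"  // port range syntax from the remarks
        };

        // Stateful rule: flows matching the header are a match for this rule.
        var rule = new CfnRuleGroup.StatefulRuleProperty
        {
            Action = "DROP",
            Header = header,
            RuleOptions = new[]
            {
                // Every stateful rule needs a signature ID option.
                new CfnRuleGroup.RuleOptionProperty { Keyword = "sid", Settings = new[] { "1" } }
            }
        };

        new CfnRuleGroup(this, "EgressRules", new CfnRuleGroupProps
        {
            RuleGroupName = "example-egress-rules", // hypothetical name
            Type = "STATEFUL",
            Capacity = 10,
            RuleGroup = new CfnRuleGroup.RuleGroupProperty
            {
                RulesSource = new CfnRuleGroup.RulesSourceProperty
                {
                    StatefulRules = new[] { rule }
                }
            }
        });
    }
}
```

Because Direction is FORWARD, this rule does not match flows initiated from the destination side; ANY would match both directions.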
Synopsis
Constructors
HeaderProperty() |
Properties
Destination | The destination IP address or address range to inspect for, in CIDR notation. |
DestinationPort | The destination port to inspect for. |
Direction | The direction of traffic flow to inspect. |
Protocol | The protocol to inspect for. |
Source | The source IP address or address range to inspect for, in CIDR notation. |
SourcePort | The source port to inspect for. |
Constructors
HeaderProperty()
public HeaderProperty()
Properties
Destination
The destination IP address or address range to inspect for, in CIDR notation.
public string Destination { get; set; }
Property Value
System.String
Remarks
To match with any address, specify ANY.
Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4 and IPv6.
Examples:
For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.
DestinationPort
The destination port to inspect for.
public string DestinationPort { get; set; }
Property Value
System.String
Remarks
You can specify an individual port, for example 1994, and you can specify a port range, for example 1990:1994. To match with any port, specify ANY.
Direction
The direction of traffic flow to inspect.
public string Direction { get; set; }
Property Value
System.String
Remarks
If set to ANY, the inspection matches bidirectional traffic, both from the source to the destination and from the destination to the source. If set to FORWARD, the inspection only matches traffic going from the source to the destination.
Protocol
The protocol to inspect for.
public string Protocol { get; set; }
Property Value
System.String
Remarks
To specify all, you can use IP, because all traffic on AWS and on the internet is IP.
Source
The source IP address or address range to inspect for, in CIDR notation.
public string Source { get; set; }
Property Value
System.String
Remarks
To match with any address, specify ANY.
Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4 and IPv6.
Examples:
For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.
SourcePort
The source port to inspect for.
public string SourcePort { get; set; }
Property Value
System.String
Remarks
You can specify an individual port, for example 1994, and you can specify a port range, for example 1990:1994. To match with any port, specify ANY.