Class CfnFirewallRuleGroup.FirewallRuleProperty
A single firewall rule in a rule group.
Inheritance
Implements
Namespace: Amazon.CDK.AWS.Route53Resolver
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class FirewallRuleProperty : Object, CfnFirewallRuleGroup.IFirewallRuleProperty
Syntax (vb)
Public Class FirewallRuleProperty
Inherits Object
Implements CfnFirewallRuleGroup.IFirewallRuleProperty
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.Route53Resolver;

// FirewallRuleProperty is nested in CfnFirewallRuleGroup, so the name is qualified.
var firewallRuleProperty = new CfnFirewallRuleGroup.FirewallRuleProperty {
    Action = "action",
    FirewallDomainListId = "firewallDomainListId",
    Priority = 123,

    // the properties below are optional
    BlockOverrideDnsType = "blockOverrideDnsType",
    BlockOverrideDomain = "blockOverrideDomain",
    BlockOverrideTtl = 123,
    BlockResponse = "blockResponse",
    FirewallDomainRedirectionAction = "firewallDomainRedirectionAction",
    Qtype = "qtype"
};
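An added example, not part of the generated reference or the CDK project's own code: a rule group with an ALLOW rule and a BLOCK rule that uses an OVERRIDE response, plus a synth-time check of the constraints described under Action and Priority. The stack, construct IDs, list names and .example domains are constructed, CheckRules is a hypothetical helper, and CNAME is the record type the DNS Firewall API accepts rather than a value listed on this page.

```csharp
using System;
using System.Linq;
using Amazon.CDK;
using Amazon.CDK.AWS.Route53Resolver;
using Constructs;

public class DnsFirewallStack : Stack
{
    public DnsFirewallStack(Construct scope, string id) : base(scope, id)
    {
        // Constructed sample domain lists (reserved .example names).
        var trusted = new CfnFirewallDomainList(this, "Trusted", new CfnFirewallDomainListProps {
            Name = "trusted", Domains = new[] { "updates.corp.example" } });
        var denied = new CfnFirewallDomainList(this, "Denied", new CfnFirewallDomainListProps {
            Name = "denied", Domains = new[] { "*.blocked.example" } });

        var rules = new[] {
            // The lowest Priority value is processed first, so this ALLOW is evaluated before the BLOCK.
            new CfnFirewallRuleGroup.FirewallRuleProperty {
                Action = "ALLOW", FirewallDomainListId = trusted.AttrId, Priority = 100 },
            // BLOCK with BlockResponse = OVERRIDE: all three BlockOverride* values are set together.
            new CfnFirewallRuleGroup.FirewallRuleProperty {
                Action = "BLOCK", FirewallDomainListId = denied.AttrId, Priority = 200,
                BlockResponse = "OVERRIDE",
                BlockOverrideDnsType = "CNAME",
                BlockOverrideDomain = "sinkhole.corp.example",
                BlockOverrideTtl = 60
            }
        };
        CheckRules(rules);
        new CfnFirewallRuleGroup(this, "Rules", new CfnFirewallRuleGroupProps {
            Name = "egress-dns", FirewallRules = rules });
    }

    // Hypothetical helper: fails synthesis early instead of at deployment time.
    static void CheckRules(CfnFirewallRuleGroup.FirewallRuleProperty[] rules)
    {
        if (rules.Select(r => r.Priority).Distinct().Count() != rules.Length)
            throw new ArgumentException("Priority must be unique within the rule group");
        foreach (var r in rules.Where(r => r.BlockResponse == "OVERRIDE"))
            if (r.Action != "BLOCK" || r.BlockOverrideDnsType == null
                || r.BlockOverrideDomain == null || r.BlockOverrideTtl == null)
                throw new ArgumentException("OVERRIDE needs Action BLOCK and all BlockOverride* values");
    }
}
```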
Synopsis
Constructors
FirewallRuleProperty() |
Properties
Action | The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list. |
BlockOverrideDnsType | The DNS record's type. |
BlockOverrideDomain | The custom DNS record to send back in response to the query. |
BlockOverrideTtl | The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. |
BlockResponse | The way that you want DNS Firewall to block the request. Used for the rule action setting BLOCK. |
FirewallDomainListId | The ID of the domain list that's used in the rule. |
FirewallDomainRedirectionAction | How you want the rule to evaluate DNS redirection in the DNS redirection chain, such as CNAME or DNAME. |
Priority | The priority of the rule in the rule group. |
Qtype | The DNS query type you want the rule to evaluate. Allowed values are; |
Constructors
FirewallRuleProperty()
public FirewallRuleProperty()
Properties
Action
The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list:
- ALLOW - Permit the request to go through.
public string Action { get; set; }
Property Value
System.String
Remarks
If BlockResponse is OVERRIDE, then all of the following OVERRIDE attributes must be specified:
BlockOverrideDnsType
The DNS record's type.
public string BlockOverrideDnsType { get; set; }
Property Value
System.String
Remarks
This determines the format of the record value that you provided in BlockOverrideDomain. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.
BlockOverrideDomain
The custom DNS record to send back in response to the query.
public string BlockOverrideDomain { get; set; }
Property Value
System.String
Remarks
Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.
BlockOverrideTtl
The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record.
public Nullable<double> BlockOverrideTtl { get; set; }
Property Value
System.Nullable<System.Double>
Remarks
Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.
BlockResponse
The way that you want DNS Firewall to block the request. Used for the rule action setting BLOCK.
public string BlockResponse { get; set; }
Property Value
System.String
Remarks
FirewallDomainListId
The ID of the domain list that's used in the rule.
public string FirewallDomainListId { get; set; }
Property Value
System.String
Remarks
FirewallDomainRedirectionAction
How you want the rule to evaluate DNS redirection in the DNS redirection chain, such as CNAME or DNAME.
public string FirewallDomainRedirectionAction { get; set; }
Property Value
System.String
Remarks
Inspect_Redirection_Domain (Default) inspects all domains in the redirection chain. The individual domains in the redirection chain must be added to the domain list.
Trust_Redirection_Domain inspects only the first domain in the redirection chain. You don't need to add the subsequent domains in the redirection chain to the domain list.
Priority
The priority of the rule in the rule group.
public double Priority { get; set; }
Property Value
System.Double
Remarks
This value must be unique within the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.
Qtype
The DNS query type you want the rule to evaluate. Allowed values are;
public string Qtype { get; set; }
Property Value
System.String