Interface CfnRuleGroup.IRulesSourceProperty
The stateless or stateful rules definitions for use in a single rule group.
Namespace: Amazon.CDK.AWS.NetworkFirewall
Assembly: Amazon.CDK.AWS.NetworkFirewall.dll
Syntax (csharp)
public interface IRulesSourceProperty
Syntax (vb)
Public Interface IRulesSourceProperty
Remarks
Each rule group requires a single RulesSource. You can use an instance of this for either stateless rules or stateful rules.
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.NetworkFirewall;

var rulesSourceProperty = new RulesSourceProperty {
    RulesSourceList = new RulesSourceListProperty {
        GeneratedRulesType = "generatedRulesType",
        Targets = new [] { "targets" },
        TargetTypes = new [] { "targetTypes" }
    },
    RulesString = "rulesString",
    StatefulRules = new [] { new StatefulRuleProperty {
        Action = "action",
        Header = new HeaderProperty {
            Destination = "destination",
            DestinationPort = "destinationPort",
            Direction = "direction",
            Protocol = "protocol",
            Source = "source",
            SourcePort = "sourcePort"
        },
        RuleOptions = new [] { new RuleOptionProperty {
            Keyword = "keyword",
            // the properties below are optional
            Settings = new [] { "settings" }
        } }
    } },
    StatelessRulesAndCustomActions = new StatelessRulesAndCustomActionsProperty {
        StatelessRules = new [] { new StatelessRuleProperty {
            Priority = 123,
            RuleDefinition = new RuleDefinitionProperty {
                Actions = new [] { "actions" },
                MatchAttributes = new MatchAttributesProperty {
                    DestinationPorts = new [] { new PortRangeProperty {
                        FromPort = 123,
                        ToPort = 123
                    } },
                    Destinations = new [] { new AddressProperty {
                        AddressDefinition = "addressDefinition"
                    } },
                    Protocols = new [] { 123 },
                    SourcePorts = new [] { new PortRangeProperty {
                        FromPort = 123,
                        ToPort = 123
                    } },
                    Sources = new [] { new AddressProperty {
                        AddressDefinition = "addressDefinition"
                    } },
                    TcpFlags = new [] { new TCPFlagFieldProperty {
                        Flags = new [] { "flags" },
                        // the properties below are optional
                        Masks = new [] { "masks" }
                    } }
                }
            }
        } },
        // the properties below are optional
        CustomActions = new [] { new CustomActionProperty {
            ActionDefinition = new ActionDefinitionProperty {
                PublishMetricAction = new PublishMetricActionProperty {
                    Dimensions = new [] { new DimensionProperty {
                        Value = "value"
                    } }
                }
            },
            ActionName = "actionName"
        } }
    }
};
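The placeholder snippet above fills in every member at once. As an added example (not part of the generated reference or the CDK project's own code), here are two stateful rule groups that each give their RulesSource exactly one member: a domain allowlist through RulesSourceList and a Suricata rule through RulesString. It assumes CDK v2; the stack class, construct ids, group names, capacities, domain and rule text are illustrative.

```csharp
// Added example. Assumes CDK v2 (Construct comes from the Constructs package).
// Stack name, construct ids, group names, capacities and targets are illustrative.
using Amazon.CDK;
using Amazon.CDK.AWS.NetworkFirewall;
using Constructs;

public class EgressRuleGroupsStack : Stack
{
    public EgressRuleGroupsStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        // Domain list rule group: only RulesSourceList is populated.
        new CfnRuleGroup(this, "AllowedDomains", new CfnRuleGroupProps {
            RuleGroupName = "allowed-domains",
            Type = "STATEFUL",
            Capacity = 100,
            RuleGroup = new CfnRuleGroup.RuleGroupProperty {
                RulesSource = new CfnRuleGroup.RulesSourceProperty {
                    RulesSourceList = new CfnRuleGroup.RulesSourceListProperty {
                        GeneratedRulesType = "ALLOWLIST",
                        // Match the domain in both the TLS SNI and the HTTP Host header.
                        TargetTypes = new [] { "TLS_SNI", "HTTP_HOST" },
                        // A leading dot also matches subdomains.
                        Targets = new [] { ".example.com" }
                    }
                }
            }
        });

        // Suricata rule group: only RulesString is populated. The action (drop)
        // is part of the rule text, so there is no separate action setting.
        new CfnRuleGroup(this, "BlockTelnet", new CfnRuleGroupProps {
            RuleGroupName = "block-outbound-telnet",
            Type = "STATEFUL",
            Capacity = 10,
            RuleGroup = new CfnRuleGroup.RuleGroupProperty {
                RulesSource = new CfnRuleGroup.RulesSourceProperty {
                    RulesString =
                        "drop tcp any any -> any 23 " +
                        "(msg:\"Outbound telnet\"; sid:1000001; rev:1;)"
                }
            }
        });
    }
}
```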
Synopsis
Properties
RulesSourceList | Stateful inspection criteria for a domain list rule group. |
RulesString | Stateful inspection criteria, provided in Suricata compatible intrusion prevention system (IPS) rules. |
StatefulRules | An array of individual stateful rules inspection criteria to be used together in a stateful rule group. |
StatelessRulesAndCustomActions | Stateless inspection criteria to be used in a stateless rule group. |
Properties
RulesSourceList
Stateful inspection criteria for a domain list rule group.
virtual object RulesSourceList { get; }
Property Value
System.Object
RulesString
Stateful inspection criteria, provided in Suricata compatible intrusion prevention system (IPS) rules.
virtual string RulesString { get; }
Property Value
System.String
Remarks
Suricata is an open-source network IPS that includes a standard rule-based language for network traffic inspection.
These rules contain the inspection criteria and the action to take for traffic that matches the criteria, so this type of rule group doesn't have a separate action setting.
StatefulRules
An array of individual stateful rules inspection criteria to be used together in a stateful rule group.
virtual object StatefulRules { get; }
Property Value
System.Object
Remarks
Use this option to specify simple Suricata rules with protocol, source and destination, ports, direction, and rule options. For information about the Suricata Rules format, see Rules Format.
StatelessRulesAndCustomActions
Stateless inspection criteria to be used in a stateless rule group.
virtual object StatelessRulesAndCustomActions { get; }
Property Value
System.Object