Class CfnRuleGroup.MatchAttributesProperty
Criteria for Network Firewall to use to inspect an individual packet in stateless rule inspection.
Inheritance
Implements
Namespace: Amazon.CDK.AWS.NetworkFirewall
Assembly: Amazon.CDK.AWS.NetworkFirewall.dll
Syntax (csharp)
public class MatchAttributesProperty : Object, CfnRuleGroup.IMatchAttributesProperty
Syntax (vb)
Public Class MatchAttributesProperty
Inherits Object
Implements CfnRuleGroup.IMatchAttributesProperty
Remarks
Each match attributes set can include one or more items such as IP address, CIDR range, port number, protocol, and TCP flags.
ExampleMetadata: fixture=_generated
Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.AWS.NetworkFirewall;
var matchAttributesProperty = new MatchAttributesProperty {
DestinationPorts = new [] { new PortRangeProperty {
FromPort = 123,
ToPort = 123
} },
Destinations = new [] { new AddressProperty {
AddressDefinition = "addressDefinition"
} },
Protocols = new [] { 123 },
SourcePorts = new [] { new PortRangeProperty {
FromPort = 123,
ToPort = 123
} },
Sources = new [] { new AddressProperty {
AddressDefinition = "addressDefinition"
} },
TcpFlags = new [] { new TCPFlagFieldProperty {
Flags = new [] { "flags" },
// the properties below are optional
Masks = new [] { "masks" }
} }
};
Synopsis
Constructors
MatchAttributesProperty() |
Properties
DestinationPorts | The destination ports to inspect for. |
Destinations | The destination IP addresses and address ranges to inspect for, in CIDR notation. |
Protocols | The protocols to inspect for, specified using each protocol's assigned internet protocol number (IANA). |
SourcePorts | The source ports to inspect for. |
Sources | The source IP addresses and address ranges to inspect for, in CIDR notation. |
TcpFlags | The TCP flags and masks to inspect for. |
Constructors
MatchAttributesProperty()
public MatchAttributesProperty()
Properties
DestinationPorts
The destination ports to inspect for.
public object DestinationPorts { get; set; }
Property Value
System.Object
Remarks
If not specified, this matches with any destination port. This setting is only used for protocols 6 (TCP) and 17 (UDP).
You can specify individual ports, for example 1994
and you can specify port ranges, for example 1990:1994
.
Destinations
The destination IP addresses and address ranges to inspect for, in CIDR notation.
public object Destinations { get; set; }
Property Value
System.Object
Remarks
If not specified, this matches with any destination address.
Protocols
The protocols to inspect for, specified using each protocol's assigned internet protocol number (IANA).
public object Protocols { get; set; }
Property Value
System.Object
Remarks
If not specified, this matches with any protocol.
SourcePorts
The source ports to inspect for.
public object SourcePorts { get; set; }
Property Value
System.Object
Remarks
If not specified, this matches with any source port. This setting is only used for protocols 6 (TCP) and 17 (UDP).
You can specify individual ports, for example 1994
and you can specify port ranges, for example 1990:1994
.
Sources
The source IP addresses and address ranges to inspect for, in CIDR notation.
public object Sources { get; set; }
Property Value
System.Object
Remarks
If not specified, this matches with any source address.
TcpFlags
The TCP flags and masks to inspect for.
public object TcpFlags { get; set; }
Property Value
System.Object
Remarks
If not specified, this matches with any settings. This setting is only used for protocol 6 (TCP).