Interface CfnRuleGroup.MatchAttributesProperty

All Superinterfaces:
software.amazon.jsii.JsiiSerializable
All Known Implementing Classes:
CfnRuleGroup.MatchAttributesProperty.Jsii$Proxy
Enclosing class:
CfnRuleGroup

@Stability(Stable) public static interface CfnRuleGroup.MatchAttributesProperty extends software.amazon.jsii.JsiiSerializable
Criteria for Network Firewall to use to inspect an individual packet in stateless rule inspection.

Each match attributes set can include one or more items such as IP address, CIDR range, port number, protocol, and TCP flags.

Example:

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
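 import java.util.List;
 import software.amazon.awscdk.services.networkfirewall.*;
 // The property types used below are nested in CfnRuleGroup.
 import software.amazon.awscdk.services.networkfirewall.CfnRuleGroup.*;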
 MatchAttributesProperty matchAttributesProperty = MatchAttributesProperty.builder()
         .destinationPorts(List.of(PortRangeProperty.builder()
                 .fromPort(123)
                 .toPort(123)
                 .build()))
         .destinations(List.of(AddressProperty.builder()
                 .addressDefinition("addressDefinition")
                 .build()))
         .protocols(List.of(123))
         .sourcePorts(List.of(PortRangeProperty.builder()
                 .fromPort(123)
                 .toPort(123)
                 .build()))
         .sources(List.of(AddressProperty.builder()
                 .addressDefinition("addressDefinition")
                 .build()))
         .tcpFlags(List.of(TCPFlagFieldProperty.builder()
                 .flags(List.of("flags"))
                 // the properties below are optional
                 .masks(List.of("masks"))
                 .build()))
         .build();
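
A filled-in match, added here as an illustration and not part of the generated CDK documentation: it selects the opening packet of SSH connections from one network to another and wraps it in a rule definition. The class name, the CIDR ranges and the choice of port 22 are assumptions; `SYN`, `ACK` and `aws:pass` are values Network Firewall accepts for TCP flags and stateless actions.

```java
import java.util.List;
import software.amazon.awscdk.services.networkfirewall.CfnRuleGroup.AddressProperty;
import software.amazon.awscdk.services.networkfirewall.CfnRuleGroup.MatchAttributesProperty;
import software.amazon.awscdk.services.networkfirewall.CfnRuleGroup.PortRangeProperty;
import software.amazon.awscdk.services.networkfirewall.CfnRuleGroup.RuleDefinitionProperty;
import software.amazon.awscdk.services.networkfirewall.CfnRuleGroup.TCPFlagFieldProperty;

// Hypothetical helper class, written for this example.
public final class AdminSshMatch {
    // Constructed sample networks; replace with your own CIDR ranges.
    static final String ADMIN_CIDR = "10.0.0.0/24";
    static final String SERVER_CIDR = "10.0.1.0/24";

    /** Matches the first packet (SYN set, ACK clear) of SSH connections from the admin network. */
    static MatchAttributesProperty newSshConnections() {
        return MatchAttributesProperty.builder()
                // 6 = TCP. Port and TCP flag settings are only used for TCP (ports also for UDP, 17).
                .protocols(List.of(6))
                .sources(List.of(AddressProperty.builder()
                        .addressDefinition(ADMIN_CIDR).build()))
                .destinations(List.of(AddressProperty.builder()
                        .addressDefinition(SERVER_CIDR).build()))
                // A single port is a range whose two ends are equal.
                .destinationPorts(List.of(PortRangeProperty.builder()
                        .fromPort(22).toPort(22).build()))
                // sourcePorts is left unset on purpose: unset matches any source port.
                .tcpFlags(List.of(TCPFlagFieldProperty.builder()
                        .masks(List.of("SYN", "ACK")) // the flags that are inspected
                        .flags(List.of("SYN"))        // of those, the ones that must be set
                        .build()))
                .build();
    }

    /** Wraps the match in a stateless rule definition that passes the matched packets. */
    static RuleDefinitionProperty passNewSshConnections() {
        return RuleDefinitionProperty.builder()
                .matchAttributes(newSshConnections())
                .actions(List.of("aws:pass"))
                .build();
    }
}
```

Every attribute left unset widens the match to "any", so review omitted fields as carefully as the ones you set.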
 
  • Method Details

    • getDestinationPorts

      @Stability(Stable) @Nullable default Object getDestinationPorts()
      The destination ports to inspect for.

      If not specified, this matches with any destination port. This setting is only used for protocols 6 (TCP) and 17 (UDP).

      You can specify individual ports, for example 1994, and port ranges, for example 1990:1994.

    • getDestinations

      @Stability(Stable) @Nullable default Object getDestinations()
      The destination IP addresses and address ranges to inspect for, in CIDR notation.

      If not specified, this matches with any destination address.

    • getProtocols

      @Stability(Stable) @Nullable default Object getProtocols()
      The protocols to inspect for, specified using each protocol's IANA-assigned internet protocol number.

      If not specified, this matches with any protocol.

    • getSourcePorts

      @Stability(Stable) @Nullable default Object getSourcePorts()
      The source ports to inspect for.

      If not specified, this matches with any source port. This setting is only used for protocols 6 (TCP) and 17 (UDP).

      You can specify individual ports, for example 1994, and port ranges, for example 1990:1994.

    • getSources

      @Stability(Stable) @Nullable default Object getSources()
      The source IP addresses and address ranges to inspect for, in CIDR notation.

      If not specified, this matches with any source address.

    • getTcpFlags

      @Stability(Stable) @Nullable default Object getTcpFlags()
      The TCP flags and masks to inspect for.

      If not specified, this matches with any settings. This setting is only used for protocol 6 (TCP).

    • builder

      @Stability(Stable) static CfnRuleGroup.MatchAttributesProperty.Builder builder()
      Returns:
      a CfnRuleGroup.MatchAttributesProperty.Builder of CfnRuleGroup.MatchAttributesProperty