Package software.amazon.awscdk.services.networkfirewall

Class CfnRuleGroup.StatefulRuleProperty.Jsii$Proxy

java.lang.Object
software.amazon.jsii.JsiiObject
software.amazon.awscdk.services.networkfirewall.CfnRuleGroup.StatefulRuleProperty.Jsii$Proxy
All Implemented Interfaces:
CfnRuleGroup.StatefulRuleProperty, software.amazon.jsii.JsiiSerializable
Enclosing interface:
CfnRuleGroup.StatefulRuleProperty
@Stability(Stable) @Internal public static final class CfnRuleGroup.StatefulRuleProperty.Jsii$Proxy extends software.amazon.jsii.JsiiObject implements CfnRuleGroup.StatefulRuleProperty
An implementation for CfnRuleGroup.StatefulRuleProperty

  • Constructor Details

    • Jsii$Proxy

      protected Jsii$Proxy(software.amazon.jsii.JsiiObjectRef objRef)
      Constructor that initializes the object based on values retrieved from the JsiiObject.
      Parameters:
      objRef - Reference to the JSII managed object.

    • Jsii$Proxy

      protected Jsii$Proxy(CfnRuleGroup.StatefulRuleProperty.Builder builder)
      Constructor that initializes the object based on literal property values passed by the CfnRuleGroup.StatefulRuleProperty.Builder.

  • Method Details

    • getAction

      public final String getAction()
      Description copied from interface: CfnRuleGroup.StatefulRuleProperty
      Defines what Network Firewall should do with the packets in a traffic flow when the flow matches the stateful rule criteria.

      For all actions, Network Firewall performs the specified action and discontinues stateful inspection of the traffic flow.

      The actions for a stateful rule are defined as follows:

      • PASS - Permits the packets to go to the intended destination.
      • DROP - Blocks the packets from going to the intended destination and sends an alert log message, if alert logging is configured in the Firewall LoggingConfiguration .
      • REJECT - Drops traffic that matches the conditions of the stateful rule and sends a TCP reset packet back to sender of the packet. A TCP reset packet is a packet with no payload and a RST bit contained in the TCP header flags. REJECT is available only for TCP traffic.
      • ALERT - Permits the packets to go to the intended destination and sends an alert log message, if alert logging is configured in the Firewall LoggingConfiguration .

      You can use this action to test a rule that you intend to use to drop traffic. You can enable the rule with ALERT action, verify in the logs that the rule is filtering as you want, then change the action to DROP .

      • REJECT - Drops TCP traffic that matches the conditions of the stateful rule, and sends a TCP reset packet back to sender of the packet. A TCP reset packet is a packet with no payload and a RST bit contained in the TCP header flags. Also sends an alert log mesage if alert logging is configured in the Firewall LoggingConfiguration .

      REJECT isn't currently available for use with IMAP and FTP protocols.

      Specified by:
      getAction in interface CfnRuleGroup.StatefulRuleProperty

    • getHeader

      public final Object getHeader()
      Description copied from interface: CfnRuleGroup.StatefulRuleProperty
      The stateful inspection criteria for this rule, used to inspect traffic flows.
      Specified by:
      getHeader in interface CfnRuleGroup.StatefulRuleProperty

    • getRuleOptions

      public final Object getRuleOptions()
      Description copied from interface: CfnRuleGroup.StatefulRuleProperty
      Additional settings for a stateful rule, provided as keywords and settings.
      Specified by:
      getRuleOptions in interface CfnRuleGroup.StatefulRuleProperty

    • $jsii$toJson

      @Internal public com.fasterxml.jackson.databind.JsonNode $jsii$toJson()
      Specified by:
      $jsii$toJson in interface software.amazon.jsii.JsiiSerializable

    • equals

      public final boolean equals(Object o)
      Overrides:
      equals in class Object

    • hashCode

      public final int hashCode()
      Overrides:
      hashCode in class Object