interface HeaderProperty
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.NetworkFirewall.CfnRuleGroup.HeaderProperty |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awsnetworkfirewall#CfnRuleGroup_HeaderProperty |
Java | software.amazon.awscdk.services.networkfirewall.CfnRuleGroup.HeaderProperty |
Python | aws_cdk.aws_networkfirewall.CfnRuleGroup.HeaderProperty |
TypeScript | aws-cdk-lib » aws_networkfirewall » CfnRuleGroup » HeaderProperty |
The 5-tuple criteria for AWS Network Firewall to use to inspect packet headers in stateful traffic flow inspection.
Traffic flows that match the criteria are a match for the corresponding stateful rule.
Example
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_networkfirewall as networkfirewall } from 'aws-cdk-lib';
const headerProperty: networkfirewall.CfnRuleGroup.HeaderProperty = {
destination: 'destination',
destinationPort: 'destinationPort',
direction: 'direction',
protocol: 'protocol',
source: 'source',
sourcePort: 'sourcePort',
};
Properties
Name | Type | Description |
---|---|---|
destination | string | The destination IP address or address range to inspect for, in CIDR notation. |
destinationPort | string | The destination port to inspect for. |
direction | string | The direction of traffic flow to inspect. |
protocol | string | The protocol to inspect for. |
source | string | The source IP address or address range to inspect for, in CIDR notation. |
sourcePort | string | The source port to inspect for. |
destination
Type: string
The destination IP address or address range to inspect for, in CIDR notation. To match with any address, specify ANY.
Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4 and IPv6. As the examples show, a single host is written with an explicit /32 (IPv4) or /128 (IPv6) prefix length.
Examples:
- To configure Network Firewall to inspect for the IP address 192.0.2.44, specify 192.0.2.44/32.
- To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.
- To configure Network Firewall to inspect for the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128.
- To configure Network Firewall to inspect for IP addresses from 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64.
For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.
destinationPort
Type: string
The destination port to inspect for.
You can specify an individual port, for example 1994, or a port range, for example 1990:1994. To match with any port, specify ANY.
direction
Type: string
The direction of traffic flow to inspect.
If set to ANY, the inspection matches bidirectional traffic, both from the source to the destination and from the destination to the source. If set to FORWARD, the inspection only matches traffic going from the source to the destination.
protocol
Type: string
The protocol to inspect for.
To match all protocols, you can use IP, because all traffic on AWS and on the internet is IP.
source
Type: string
The source IP address or address range to inspect for, in CIDR notation. To match with any address, specify ANY.
Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4 and IPv6. As the examples show, a single host is written with an explicit /32 (IPv4) or /128 (IPv6) prefix length.
Examples:
- To configure Network Firewall to inspect for the IP address 192.0.2.44, specify 192.0.2.44/32.
- To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.
- To configure Network Firewall to inspect for the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128.
- To configure Network Firewall to inspect for IP addresses from 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64.
For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.
sourcePort
Type: string
The source port to inspect for.
You can specify an individual port, for example 1994, or a port range, for example 1990:1994. To match with any port, specify ANY.
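The six fields above are all plain strings, so a typo such as a bare host address without a prefix length, a reversed port range, or a direction other than ANY or FORWARD is only caught when CloudFormation rejects the rule group at deploy time. The following TypeScript is an added example, not code from the aws-cdk-lib reference or from the CDK project: it checks a header against the rules stated on this page before synth and wraps it in the object literal shape a stateful rule uses (action, header, and a ruleOptions entry carrying the rule's sid). It deliberately imports nothing from aws-cdk-lib so it runs stand-alone; the local Header5Tuple type mirrors HeaderProperty field for field, and the protocol check, the IPv6 syntax check and the PASS/DROP/ALERT action set are assumptions of this example, since the page does not enumerate them.

```typescript
// Added example, not from the aws-cdk-lib reference: a pre-synth validator for
// the 5-tuple fields of CfnRuleGroup.HeaderProperty, and a helper that wraps a
// checked header in the object literal shape of a stateful rule. No CDK import
// is used so the file runs stand-alone; Header5Tuple mirrors the CDK interface.

interface Header5Tuple {          // same fields, same types as HeaderProperty
  destination: string;
  destinationPort: string;
  direction: string;
  protocol: string;
  source: string;
  sourcePort: string;
}

// Returns 4 or 6 for a syntactically valid address, 0 otherwise (assumed syntax).
function ipFamily(addr: string): 4 | 6 | 0 {
  const octets = addr.split('.');
  if (octets.length === 4 && octets.every(o => /^\d{1,3}$/.test(o) && Number(o) <= 255)) return 4;
  // IPv6: hex groups joined by ':', with at most one '::' compression.
  if (!/^[0-9a-fA-F:]+$/.test(addr) || !addr.includes(':') || addr.includes(':::')) return 0;
  const compressed = (addr.match(/::/g) ?? []).length;
  if (compressed > 1) return 0;
  const groups = addr.split(':').filter(g => g.length > 0);
  if (!groups.every(g => g.length <= 4)) return 0;
  return (compressed === 1 ? groups.length < 8 : groups.length === 8) ? 6 : 0;
}

// Address field: the literal ANY, or an IPv4/IPv6 block in CIDR notation.
// A single host is written with an explicit /32 or /128, as in the reference.
function isValidAddress(value: string): boolean {
  if (value === 'ANY') return true;
  const m = /^([^/]+)\/(\d{1,3})$/.exec(value);
  if (!m) return false;
  const family = ipFamily(m[1]);
  const prefix = Number(m[2]);
  return (family === 4 && prefix <= 32) || (family === 6 && prefix <= 128);
}

// Port field: ANY, one port, or an inclusive low:high range within 0..65535.
function isValidPort(value: string): boolean {
  if (value === 'ANY') return true;
  const m = /^(\d{1,5})(?::(\d{1,5}))?$/.exec(value);
  if (!m) return false;
  const low = Number(m[1]);
  const high = m[2] === undefined ? low : Number(m[2]);
  return high <= 65535 && low <= high;
}

// Collects every field that would be rejected; an empty array means the header is well-formed.
function validateHeader(h: Header5Tuple): string[] {
  const errors: string[] = [];
  if (!isValidAddress(h.source)) errors.push(`source: ${h.source}`);
  if (!isValidAddress(h.destination)) errors.push(`destination: ${h.destination}`);
  if (!isValidPort(h.sourcePort)) errors.push(`sourcePort: ${h.sourcePort}`);
  if (!isValidPort(h.destinationPort)) errors.push(`destinationPort: ${h.destinationPort}`);
  if (h.direction !== 'ANY' && h.direction !== 'FORWARD') errors.push(`direction: ${h.direction}`);
  // The reference names IP as the match-all protocol; other values are upper-case
  // protocol keywords, so only the spelling is checked here (assumption).
  if (!/^[A-Z0-9]+$/.test(h.protocol)) errors.push(`protocol: ${h.protocol}`);
  return errors;
}

// Object literal in the shape CfnRuleGroup uses for a stateful rule:
// action + header + ruleOptions carrying the rule's sid. Throws on a bad header
// so the mistake surfaces at synth time rather than as a deploy-time failure.
function statefulRule(action: 'PASS' | 'DROP' | 'ALERT', sid: number, header: Header5Tuple) {
  const errors = validateHeader(header);
  if (errors.length > 0) throw new Error(`invalid header: ${errors.join(', ')}`);
  return { action, header, ruleOptions: [{ keyword: 'sid', settings: [String(sid)] }] };
}

// Usage: drop TCP/443 from the VPC range to one external /24, request direction only.
// Direction FORWARD means a packet from 203.0.113.0/24 back to 10.0.0.0/8 is not matched.
const dropOutboundTls = statefulRule('DROP', 1, {
  source: '10.0.0.0/8', sourcePort: 'ANY',
  destination: '203.0.113.0/24', destinationPort: '443',
  protocol: 'TCP', direction: 'FORWARD',
});
```

The returned literal is assignable to the header and rule properties of a CfnRuleGroup because the field names and string types are identical; run validateHeader over every header in a stack's rule groups before synth so a malformed 5-tuple is reported with the field name instead of a CloudFormation rollback.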