@Generated(value="com.amazonaws:aws-java-sdk-code-generator") public class StatefulEngineOptions extends Object implements Serializable, Cloneable, StructuredPojo
Configuration settings for the handling of the stateful rule groups in a firewall policy.
Constructor and Description |
---|
StatefulEngineOptions() |
Modifier and Type | Method and Description |
---|---|
StatefulEngineOptions |
clone() |
boolean |
equals(Object obj) |
String |
getRuleOrder()
Indicates how to manage the order of stateful rule evaluation for the policy.
|
String |
getStreamExceptionPolicy()
Configures how Network Firewall processes traffic when a network connection breaks midstream.
|
int |
hashCode() |
void |
marshall(ProtocolMarshaller protocolMarshaller)
Marshalls this structured data using the given
ProtocolMarshaller . |
void |
setRuleOrder(String ruleOrder)
Indicates how to manage the order of stateful rule evaluation for the policy.
|
void |
setStreamExceptionPolicy(String streamExceptionPolicy)
Configures how Network Firewall processes traffic when a network connection breaks midstream.
|
String |
toString()
Returns a string representation of this object.
|
StatefulEngineOptions |
withRuleOrder(RuleOrder ruleOrder)
Indicates how to manage the order of stateful rule evaluation for the policy.
|
StatefulEngineOptions |
withRuleOrder(String ruleOrder)
Indicates how to manage the order of stateful rule evaluation for the policy.
|
StatefulEngineOptions |
withStreamExceptionPolicy(StreamExceptionPolicy streamExceptionPolicy)
Configures how Network Firewall processes traffic when a network connection breaks midstream.
|
StatefulEngineOptions |
withStreamExceptionPolicy(String streamExceptionPolicy)
Configures how Network Firewall processes traffic when a network connection breaks midstream.
|
public void setRuleOrder(String ruleOrder)
Indicates how to manage the order of stateful rule evaluation for the policy. STRICT_ORDER
is the
default and recommended option. With STRICT_ORDER
, provide your rules in the order that you want
them to be evaluated. You can then choose one or more default actions for packets that don't match any rules.
Choose STRICT_ORDER
to have the stateful rules engine determine the evaluation order of your rules.
The default action for this rule order is PASS
, followed by DROP
, REJECT
,
and ALERT
actions. Stateful rules are provided to the rule engine as Suricata compatible strings,
and Suricata evaluates them based on your settings. For more information, see Evaluation order for stateful rules in the Network Firewall Developer Guide.
ruleOrder
- Indicates how to manage the order of stateful rule evaluation for the policy. STRICT_ORDER
is
the default and recommended option. With STRICT_ORDER
, provide your rules in the order that
you want them to be evaluated. You can then choose one or more default actions for packets that don't
match any rules. Choose STRICT_ORDER
to have the stateful rules engine determine the
evaluation order of your rules. The default action for this rule order is PASS
, followed by
DROP
, REJECT
, and ALERT
actions. Stateful rules are provided to the
rule engine as Suricata compatible strings, and Suricata evaluates them based on your settings. For more
information, see Evaluation order for stateful rules in the Network Firewall Developer Guide.RuleOrder
public String getRuleOrder()
Indicates how to manage the order of stateful rule evaluation for the policy. STRICT_ORDER
is the
default and recommended option. With STRICT_ORDER
, provide your rules in the order that you want
them to be evaluated. You can then choose one or more default actions for packets that don't match any rules.
Choose STRICT_ORDER
to have the stateful rules engine determine the evaluation order of your rules.
The default action for this rule order is PASS
, followed by DROP
, REJECT
,
and ALERT
actions. Stateful rules are provided to the rule engine as Suricata compatible strings,
and Suricata evaluates them based on your settings. For more information, see Evaluation order for stateful rules in the Network Firewall Developer Guide.
STRICT_ORDER
is the default and recommended option. With STRICT_ORDER
, provide your rules in the order
that you want them to be evaluated. You can then choose one or more default actions for packets that
don't match any rules. Choose STRICT_ORDER
to have the stateful rules engine determine the
evaluation order of your rules. The default action for this rule order is PASS
, followed by
DROP
, REJECT
, and ALERT
actions. Stateful rules are provided to
the rule engine as Suricata compatible strings, and Suricata evaluates them based on your settings. For
more information, see Evaluation order for stateful rules in the Network Firewall Developer Guide.RuleOrder
public StatefulEngineOptions withRuleOrder(String ruleOrder)
Indicates how to manage the order of stateful rule evaluation for the policy. STRICT_ORDER
is the
default and recommended option. With STRICT_ORDER
, provide your rules in the order that you want
them to be evaluated. You can then choose one or more default actions for packets that don't match any rules.
Choose STRICT_ORDER
to have the stateful rules engine determine the evaluation order of your rules.
The default action for this rule order is PASS
, followed by DROP
, REJECT
,
and ALERT
actions. Stateful rules are provided to the rule engine as Suricata compatible strings,
and Suricata evaluates them based on your settings. For more information, see Evaluation order for stateful rules in the Network Firewall Developer Guide.
ruleOrder
- Indicates how to manage the order of stateful rule evaluation for the policy. STRICT_ORDER
is
the default and recommended option. With STRICT_ORDER
, provide your rules in the order that
you want them to be evaluated. You can then choose one or more default actions for packets that don't
match any rules. Choose STRICT_ORDER
to have the stateful rules engine determine the
evaluation order of your rules. The default action for this rule order is PASS
, followed by
DROP
, REJECT
, and ALERT
actions. Stateful rules are provided to the
rule engine as Suricata compatible strings, and Suricata evaluates them based on your settings. For more
information, see Evaluation order for stateful rules in the Network Firewall Developer Guide.RuleOrder
public StatefulEngineOptions withRuleOrder(RuleOrder ruleOrder)
Indicates how to manage the order of stateful rule evaluation for the policy. STRICT_ORDER
is the
default and recommended option. With STRICT_ORDER
, provide your rules in the order that you want
them to be evaluated. You can then choose one or more default actions for packets that don't match any rules.
Choose STRICT_ORDER
to have the stateful rules engine determine the evaluation order of your rules.
The default action for this rule order is PASS
, followed by DROP
, REJECT
,
and ALERT
actions. Stateful rules are provided to the rule engine as Suricata compatible strings,
and Suricata evaluates them based on your settings. For more information, see Evaluation order for stateful rules in the Network Firewall Developer Guide.
ruleOrder
- Indicates how to manage the order of stateful rule evaluation for the policy. STRICT_ORDER
is
the default and recommended option. With STRICT_ORDER
, provide your rules in the order that
you want them to be evaluated. You can then choose one or more default actions for packets that don't
match any rules. Choose STRICT_ORDER
to have the stateful rules engine determine the
evaluation order of your rules. The default action for this rule order is PASS
, followed by
DROP
, REJECT
, and ALERT
actions. Stateful rules are provided to the
rule engine as Suricata compatible strings, and Suricata evaluates them based on your settings. For more
information, see Evaluation order for stateful rules in the Network Firewall Developer Guide.RuleOrder
public void setStreamExceptionPolicy(String streamExceptionPolicy)
Configures how Network Firewall processes traffic when a network connection breaks midstream. Network connections can break due to disruptions in external networks or within the firewall itself.
DROP
- Network Firewall fails closed and drops all subsequent traffic going to the firewall. This is
the default behavior.
CONTINUE
- Network Firewall continues to apply rules to the subsequent traffic without context from
traffic before the break. This impacts the behavior of rules that depend on this context. For example, if you
have a stateful rule to drop http
traffic, Network Firewall won't match the traffic for this rule
because the service won't have the context from session initialization defining the application layer protocol as
HTTP. However, this behavior is rule dependent—a TCP-layer rule using a flow:stateless
rule would
still match, as would the aws:drop_strict
default action.
REJECT
- Network Firewall fails closed and drops all subsequent traffic going to the firewall.
Network Firewall also sends a TCP reject packet back to your client so that the client can immediately establish
a new session. Network Firewall will have context about the new session and will apply rules to the subsequent
traffic.
streamExceptionPolicy
- Configures how Network Firewall processes traffic when a network connection breaks midstream. Network
connections can break due to disruptions in external networks or within the firewall itself.
DROP
- Network Firewall fails closed and drops all subsequent traffic going to the firewall.
This is the default behavior.
CONTINUE
- Network Firewall continues to apply rules to the subsequent traffic without
context from traffic before the break. This impacts the behavior of rules that depend on this context. For
example, if you have a stateful rule to drop http
traffic, Network Firewall won't match the
traffic for this rule because the service won't have the context from session initialization defining the
application layer protocol as HTTP. However, this behavior is rule dependent—a TCP-layer rule using a
flow:stateless
rule would still match, as would the aws:drop_strict
default
action.
REJECT
- Network Firewall fails closed and drops all subsequent traffic going to the
firewall. Network Firewall also sends a TCP reject packet back to your client so that the client can
immediately establish a new session. Network Firewall will have context about the new session and will
apply rules to the subsequent traffic.
StreamExceptionPolicy
public String getStreamExceptionPolicy()
Configures how Network Firewall processes traffic when a network connection breaks midstream. Network connections can break due to disruptions in external networks or within the firewall itself.
DROP
- Network Firewall fails closed and drops all subsequent traffic going to the firewall. This is
the default behavior.
CONTINUE
- Network Firewall continues to apply rules to the subsequent traffic without context from
traffic before the break. This impacts the behavior of rules that depend on this context. For example, if you
have a stateful rule to drop http
traffic, Network Firewall won't match the traffic for this rule
because the service won't have the context from session initialization defining the application layer protocol as
HTTP. However, this behavior is rule dependent—a TCP-layer rule using a flow:stateless
rule would
still match, as would the aws:drop_strict
default action.
REJECT
- Network Firewall fails closed and drops all subsequent traffic going to the firewall.
Network Firewall also sends a TCP reject packet back to your client so that the client can immediately establish
a new session. Network Firewall will have context about the new session and will apply rules to the subsequent
traffic.
DROP
- Network Firewall fails closed and drops all subsequent traffic going to the firewall.
This is the default behavior.
CONTINUE
- Network Firewall continues to apply rules to the subsequent traffic without
context from traffic before the break. This impacts the behavior of rules that depend on this context.
For example, if you have a stateful rule to drop http
traffic, Network Firewall won't match
the traffic for this rule because the service won't have the context from session initialization defining
the application layer protocol as HTTP. However, this behavior is rule dependent—a TCP-layer rule using a
flow:stateless
rule would still match, as would the aws:drop_strict
default
action.
REJECT
- Network Firewall fails closed and drops all subsequent traffic going to the
firewall. Network Firewall also sends a TCP reject packet back to your client so that the client can
immediately establish a new session. Network Firewall will have context about the new session and will
apply rules to the subsequent traffic.
StreamExceptionPolicy
public StatefulEngineOptions withStreamExceptionPolicy(String streamExceptionPolicy)
Configures how Network Firewall processes traffic when a network connection breaks midstream. Network connections can break due to disruptions in external networks or within the firewall itself.
DROP
- Network Firewall fails closed and drops all subsequent traffic going to the firewall. This is
the default behavior.
CONTINUE
- Network Firewall continues to apply rules to the subsequent traffic without context from
traffic before the break. This impacts the behavior of rules that depend on this context. For example, if you
have a stateful rule to drop http
traffic, Network Firewall won't match the traffic for this rule
because the service won't have the context from session initialization defining the application layer protocol as
HTTP. However, this behavior is rule dependent—a TCP-layer rule using a flow:stateless
rule would
still match, as would the aws:drop_strict
default action.
REJECT
- Network Firewall fails closed and drops all subsequent traffic going to the firewall.
Network Firewall also sends a TCP reject packet back to your client so that the client can immediately establish
a new session. Network Firewall will have context about the new session and will apply rules to the subsequent
traffic.
streamExceptionPolicy
- Configures how Network Firewall processes traffic when a network connection breaks midstream. Network
connections can break due to disruptions in external networks or within the firewall itself.
DROP
- Network Firewall fails closed and drops all subsequent traffic going to the firewall.
This is the default behavior.
CONTINUE
- Network Firewall continues to apply rules to the subsequent traffic without
context from traffic before the break. This impacts the behavior of rules that depend on this context. For
example, if you have a stateful rule to drop http
traffic, Network Firewall won't match the
traffic for this rule because the service won't have the context from session initialization defining the
application layer protocol as HTTP. However, this behavior is rule dependent—a TCP-layer rule using a
flow:stateless
rule would still match, as would the aws:drop_strict
default
action.
REJECT
- Network Firewall fails closed and drops all subsequent traffic going to the
firewall. Network Firewall also sends a TCP reject packet back to your client so that the client can
immediately establish a new session. Network Firewall will have context about the new session and will
apply rules to the subsequent traffic.
StreamExceptionPolicy
public StatefulEngineOptions withStreamExceptionPolicy(StreamExceptionPolicy streamExceptionPolicy)
Configures how Network Firewall processes traffic when a network connection breaks midstream. Network connections can break due to disruptions in external networks or within the firewall itself.
DROP
- Network Firewall fails closed and drops all subsequent traffic going to the firewall. This is
the default behavior.
CONTINUE
- Network Firewall continues to apply rules to the subsequent traffic without context from
traffic before the break. This impacts the behavior of rules that depend on this context. For example, if you
have a stateful rule to drop http
traffic, Network Firewall won't match the traffic for this rule
because the service won't have the context from session initialization defining the application layer protocol as
HTTP. However, this behavior is rule dependent—a TCP-layer rule using a flow:stateless
rule would
still match, as would the aws:drop_strict
default action.
REJECT
- Network Firewall fails closed and drops all subsequent traffic going to the firewall.
Network Firewall also sends a TCP reject packet back to your client so that the client can immediately establish
a new session. Network Firewall will have context about the new session and will apply rules to the subsequent
traffic.
streamExceptionPolicy
- Configures how Network Firewall processes traffic when a network connection breaks midstream. Network
connections can break due to disruptions in external networks or within the firewall itself.
DROP
- Network Firewall fails closed and drops all subsequent traffic going to the firewall.
This is the default behavior.
CONTINUE
- Network Firewall continues to apply rules to the subsequent traffic without
context from traffic before the break. This impacts the behavior of rules that depend on this context. For
example, if you have a stateful rule to drop http
traffic, Network Firewall won't match the
traffic for this rule because the service won't have the context from session initialization defining the
application layer protocol as HTTP. However, this behavior is rule dependent—a TCP-layer rule using a
flow:stateless
rule would still match, as would the aws:drop_strict
default
action.
REJECT
- Network Firewall fails closed and drops all subsequent traffic going to the
firewall. Network Firewall also sends a TCP reject packet back to your client so that the client can
immediately establish a new session. Network Firewall will have context about the new session and will
apply rules to the subsequent traffic.
StreamExceptionPolicy
public String toString()
toString
in class Object
Object.toString()
public StatefulEngineOptions clone()
public void marshall(ProtocolMarshaller protocolMarshaller)
StructuredPojo
ProtocolMarshaller
.marshall
in interface StructuredPojo
protocolMarshaller
- Implementation of ProtocolMarshaller
used to marshall this object's data.