AWS::NetworkFirewall::RuleGroup TCPFlagField

TCP flags and masks to inspect packets for. This is used in the AWS::NetworkFirewall::RuleGroup MatchAttributes specification.

For example:

"TCPFlags": [ { "Flags": [ "ECE", "SYN" ], "Masks": [ "SYN", "ECE" ] } ]

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON


{
  "Flags" : [ String, ... ],
  "Masks" : [ String, ... ]
}

YAML


  Flags: 
    - String
  Masks: 
    - String

Properties

Flags

Used in conjunction with the Masks setting to define the flags that must be set and flags that must not be set in order for the packet to match. This setting can only specify values that are also specified in the Masks setting.

For the flags that are specified in the masks setting, the following must be true for the packet to match:

The ones that are set in this flags setting must be set in the packet.
The ones that are not set in this flags setting must also not be set in the packet.

Required: Yes

Type: Array of String

Update requires: No interruption

Masks

The set of flags to consider in the inspection. To inspect all flags in the valid values list, leave this with no setting.

Required: No

Type: Array of String

Update requires: No interruption

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Tag

AWS::NetworkFirewall::TLSInspectionConfiguration