쿠키 기본 설정 선택

당사는 사이트와 서비스를 제공하는 데 필요한 필수 쿠키 및 유사한 도구를 사용합니다. 고객이 사이트를 어떻게 사용하는지 파악하고 개선할 수 있도록 성능 쿠키를 사용해 익명의 통계를 수집합니다. 필수 쿠키는 비활성화할 수 없지만 '사용자 지정' 또는 ‘거부’를 클릭하여 성능 쿠키를 거부할 수 있습니다.

사용자가 동의하는 경우 AWS와 승인된 제3자도 쿠키를 사용하여 유용한 사이트 기능을 제공하고, 사용자의 기본 설정을 기억하고, 관련 광고를 비롯한 관련 콘텐츠를 표시합니다. 필수가 아닌 모든 쿠키를 수락하거나 거부하려면 ‘수락’ 또는 ‘거부’를 클릭하세요. 더 자세한 내용을 선택하려면 ‘사용자 정의’를 클릭하세요.

설정
문의하기
피드백
AWS Documentation
AWS 계정 생성

Rule groups in AWS Network Firewall

PDF
RSS
포커스 모드
Rule groups in AWS Network Firewall - AWS Network Firewall
이 페이지는 귀하의 언어로 번역되지 않았습니다. 번역 요청

An AWS Network Firewall rule group is a reusable set of criteria for inspecting and handling network traffic. You add one or more rule groups to a firewall policy as part of policy configuration. For more information about firewall policies and firewalls, see Firewall policies in AWS Network Firewall and Firewalls in AWS Network Firewall.

You can use your own rule groups and you can use rule groups that are managed for you by AWS.

Network Firewall rule groups are either stateless or stateful. Stateless rule groups evaluate packets in isolation, while stateful rule groups evaluate them in the context of their traffic flow. You can create and manage the following categories of rule groups in Network Firewall:

  • Stateless – Defines standard network connection attributes for examining a packet on its own, with no additional context.

  • Stateful – Defines criteria for examining a packet in the context of traffic flow and of other traffic that's related to the packet.

    Network Firewall uses a Suricata rules engine to process all stateful rules. You can write any of your stateful rules in Suricata compatible format. Alternately, for domain list rules and for very basic rules, you can use an easy entry form provided by Network Firewall.

    Stateful rule groups are available in the following categories:

    • Suricata compatible rule strings – Provides match and action settings, in Suricata compatible format. You can provide all of your stateful rules through this method if you want to.

    • Domain list – Defines a list of domain names and specifies the protocol type to inspect. You can create these rules from traffic analysis reports. For information, see Creating stateful rule groups from reports.

    • Standard stateful rules – Defines standard network connection attributes for examining a packet within the context of a traffic flow.

Depending on the type of rule group, you might also define rules inside the rule group. Rules provide detailed criteria for packet inspection and specify what to do when a packet matches the criteria. When Network Firewall finds a match between the criteria and a packet, we say that the packet matches the rule group.

This section provides guidance for creating and managing your own rule groups.

Topics
프라이버시사이트 이용 약관쿠키 기본 설정
© 2025, Amazon Web Services, Inc. 또는 계열사. All rights reserved.