MatchAttributes

Criteria for Network Firewall to use to inspect an individual packet in stateless rule inspection. Each match attributes set can include one or more items such as IP address, CIDR range, port number, protocol, and TCP flags.

Contents

DestinationPorts

The destination ports to inspect for. If not specified, this matches with any destination port. This setting is only used for protocols 6 (TCP) and 17 (UDP).

You can specify individual ports, for example 1994 and you can specify port ranges, for example 1990:1994.

Type: Array of PortRange objects

Required: No

Destinations

The destination IP addresses and address ranges to inspect for, in CIDR notation. If not specified, this matches with any destination address.

Type: Array of Address objects

Required: No

Protocols

The protocols to inspect for, specified using each protocol's assigned internet protocol number (IANA). If not specified, this matches with any protocol.

Type: Array of integers

Valid Range: Minimum value of 0. Maximum value of 255.

Required: No

SourcePorts

The source ports to inspect for. If not specified, this matches with any source port. This setting is only used for protocols 6 (TCP) and 17 (UDP).

You can specify individual ports, for example 1994 and you can specify port ranges, for example 1990:1994.

Type: Array of PortRange objects

Required: No

Sources

The source IP addresses and address ranges to inspect for, in CIDR notation. If not specified, this matches with any source address.

Type: Array of Address objects

Required: No

TCPFlags

The TCP flags and masks to inspect for. If not specified, this matches with any settings. This setting is only used for protocol 6 (TCP).

Type: Array of TCPFlagField objects

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following:

• AWS SDK for C++

• AWS SDK for Java V2

• AWS SDK for Ruby V3