You are viewing documentation for version 2 of the AWS SDK for Ruby. Version 3 documentation can be found here.
Class: Aws::NetworkFirewall::Types::StatelessRule
- Inherits:
-
Struct
- Object
- Struct
- Aws::NetworkFirewall::Types::StatelessRule
- Defined in:
- (unknown)
Overview
When passing StatelessRule as input to an Aws::Client method, you can use a vanilla Hash:
{
rule_definition: { # required
match_attributes: { # required
sources: [
{
address_definition: "AddressDefinition", # required
},
],
destinations: [
{
address_definition: "AddressDefinition", # required
},
],
source_ports: [
{
from_port: 1, # required
to_port: 1, # required
},
],
destination_ports: [
{
from_port: 1, # required
to_port: 1, # required
},
],
protocols: [1],
tcp_flags: [
{
flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
},
],
},
actions: ["CollectionMember_String"], # required
},
priority: 1, # required
}
A single stateless rule. This is used in StatelessRulesAndCustomActions.
Instance Attribute Summary collapse
-
#priority ⇒ Integer
A setting that indicates the order in which to run this rule relative to all of the rules that are defined for a stateless rule group.
-
#rule_definition ⇒ Types::RuleDefinition
Defines the stateless 5-tuple packet inspection criteria and the action to take on a packet that matches the criteria.
Instance Attribute Details
#priority ⇒ Integer
A setting that indicates the order in which to run this rule relative to all of the rules that are defined for a stateless rule group. Network Firewall evaluates the rules in a rule group starting with the lowest priority setting. You must ensure that the priority settings are unique for the rule group.
Each stateless rule group uses exactly one
StatelessRulesAndCustomActions
object, and each
StatelessRulesAndCustomActions
contains exactly one StatelessRules
object. To ensure unique priority settings for your rule groups, set
unique priorities for the stateless rules that you define inside any
single StatelessRules
object.
You can change the priority settings of your rules at any time. To make it easier to insert rules later, number them so there\'s a wide range in between, for example use 100, 200, and so on.
#rule_definition ⇒ Types::RuleDefinition
Defines the stateless 5-tuple packet inspection criteria and the action to take on a packet that matches the criteria.