Class: Aws::NetworkFirewall::Types::RulesSource

Inherits:
Struct
  • Object
Defined in:
gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/types.rb

Overview

Note:

When making an API call, you may pass RulesSource data as a hash:

{
  rules_string: "RulesString",
  rules_source_list: {
    targets: ["CollectionMember_String"], # required
    target_types: ["TLS_SNI"], # required, accepts TLS_SNI, HTTP_HOST
    generated_rules_type: "ALLOWLIST", # required, accepts ALLOWLIST, DENYLIST
  },
  stateful_rules: [
    {
      action: "PASS", # required, accepts PASS, DROP, ALERT
      header: { # required
        protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
        source: "Source", # required
        source_port: "Port", # required
        direction: "FORWARD", # required, accepts FORWARD, ANY
        destination: "Destination", # required
        destination_port: "Port", # required
      },
      rule_options: [ # required
        {
          keyword: "Keyword", # required
          settings: ["Setting"],
        },
      ],
    },
  ],
  stateless_rules_and_custom_actions: {
    stateless_rules: [ # required
      {
        rule_definition: { # required
          match_attributes: { # required
            sources: [
              {
                address_definition: "AddressDefinition", # required
              },
            ],
            destinations: [
              {
                address_definition: "AddressDefinition", # required
              },
            ],
            source_ports: [
              {
                from_port: 1, # required
                to_port: 1, # required
              },
            ],
            destination_ports: [
              {
                from_port: 1, # required
                to_port: 1, # required
              },
            ],
            protocols: [1],
            tcp_flags: [
              {
                flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
                masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
              },
            ],
          },
          actions: ["CollectionMember_String"], # required
        },
        priority: 1, # required
      },
    ],
    custom_actions: [
      {
        action_name: "ActionName", # required
        action_definition: { # required
          publish_metric_action: {
            dimensions: [ # required
              {
                value: "DimensionValue", # required
              },
            ],
          },
        },
      },
    ],
  },
}

The stateless or stateful rules definitions for use in a single rule group. Each rule group requires a single RulesSource. You can use an instance of this for either stateless rules or stateful rules.
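A pre-flight check for the hash shape above, added here as an example and not part of the AWS SDK. `lint_rules_source` and the sample hashes are hypothetical names, and the rule that exactly one of the four members is populated is this example's assumption.

```ruby
# Added example: offline lint for a RulesSource hash before it is sent to the API.
# Enum values are the ones listed in the hash on this page; the "exactly one
# member" rule is an assumption of this example.
STATEFUL_MEMBERS  = %i[rules_string rules_source_list stateful_rules].freeze
STATELESS_MEMBERS = %i[stateless_rules_and_custom_actions].freeze
TARGET_TYPES      = %w[TLS_SNI HTTP_HOST].freeze
GENERATED_TYPES   = %w[ALLOWLIST DENYLIST].freeze
STATEFUL_ACTIONS  = %w[PASS DROP ALERT].freeze
HEADER_KEYS       = %i[protocol source source_port direction destination destination_port].freeze

# Returns [kind, errors]; kind is :stateful, :stateless, or nil when ambiguous.
def lint_rules_source(src)
  errors = []
  set = (STATEFUL_MEMBERS + STATELESS_MEMBERS).select { |k| !src[k].nil? }
  errors << "expected exactly one member, got #{set.inspect}" unless set.size == 1
  unknown = src.keys - STATEFUL_MEMBERS - STATELESS_MEMBERS
  errors << "unknown members #{unknown.inspect}" unless unknown.empty?

  if (list = src[:rules_source_list])
    errors << "rules_source_list.targets is empty" if Array(list[:targets]).empty?
    bad = Array(list[:target_types]) - TARGET_TYPES
    errors << "bad target_types #{bad.inspect}" unless bad.empty?
    unless GENERATED_TYPES.include?(list[:generated_rules_type])
      errors << "bad generated_rules_type #{list[:generated_rules_type].inspect}"
    end
  end

  Array(src[:stateful_rules]).each_with_index do |rule, i|
    errors << "stateful_rules[#{i}] bad action" unless STATEFUL_ACTIONS.include?(rule[:action])
    missing = HEADER_KEYS.reject { |k| rule.dig(:header, k) }
    errors << "stateful_rules[#{i}] header missing #{missing.inspect}" unless missing.empty?
    errors << "stateful_rules[#{i}] has no rule_options" if Array(rule[:rule_options]).empty?
  end

  kind = if set.size == 1
           STATELESS_MEMBERS.include?(set.first) ? :stateless : :stateful
         end
  [kind, errors]
end

# Constructed sample inputs (not from the SDK documentation).
ALLOWLIST_SOURCE = {
  rules_source_list: {
    targets: [".example.com"], target_types: %w[TLS_SNI HTTP_HOST],
    generated_rules_type: "ALLOWLIST"
  }
}.freeze
MIXED_SOURCE = ALLOWLIST_SOURCE.merge(rules_string: "constructed placeholder rule text").freeze
```

Running the lint in CI on rule group definitions catches a mixed or malformed source before the firewall policy is changed.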

Constant Summary

SENSITIVE = []

Instance Attribute Details

#rules_source_list ⇒ Types::RulesSourceList

Stateful inspection criteria for a domain list rule group.



# File 'gems/aws-sdk-networkfirewall/lib/aws-sdk-networkfirewall/types.rb', line 3723

class RulesSource < Struct.new(
  :rules_string,
  :rules_source_list,
  :stateful_rules,
  :stateless_rules_and_custom_actions)
  SENSITIVE = []
  include Aws::Structure
end

#rules_string ⇒ String

Stateful inspection criteria, provided in Suricata-compatible intrusion prevention system (IPS) rules. Suricata is an open-source network IPS that includes a standard rule-based language for network traffic inspection.

These rules contain the inspection criteria and the action to take for traffic that matches the criteria, so this type of rule group doesn't have a separate action setting.

Returns:

  • (String)


#stateful_rules ⇒ Array<Types::StatefulRule>

An array of individual stateful rules inspection criteria to be used together in a stateful rule group. Use this option to specify simple Suricata rules with protocol, source and destination, ports, direction, and rule options. For information about the Suricata Rules format, see Rules Format.

Returns:

  • (Array<Types::StatefulRule>)


#stateless_rules_and_custom_actions ⇒ Types::StatelessRulesAndCustomActions

Stateless inspection criteria to be used in a stateless rule group.


