class Aws::NetworkFirewall::Types::MatchAttributes

Criteria for Network Firewall to use to inspect an individual packet in stateless rule inspection. Each match attributes set can include one or more items such as IP address, CIDR range, port number, protocol, and TCP flags.

@note When making an API call, you may pass MatchAttributes

data as a hash:

    {
      sources: [
        {
          address_definition: "AddressDefinition", # required
        },
      ],
      destinations: [
        {
          address_definition: "AddressDefinition", # required
        },
      ],
      source_ports: [
        {
          from_port: 1, # required
          to_port: 1, # required
        },
      ],
      destination_ports: [
        {
          from_port: 1, # required
          to_port: 1, # required
        },
      ],
      protocols: [1],
      tcp_flags: [
        {
          flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
          masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
        },
      ],
    }

@!attribute [rw] sources

The source IP addresses and address ranges to inspect for, in CIDR
notation. If not specified, this matches with any source address.
@return [Array<Types::Address>]

@!attribute [rw] destinations

The destination IP addresses and address ranges to inspect for, in
CIDR notation. If not specified, this matches with any destination
address.
@return [Array<Types::Address>]

@!attribute [rw] source_ports

The source ports to inspect for. If not specified, this matches with
any source port. This setting is only used for protocols 6 (TCP) and
17 (UDP).

You can specify individual ports, for example `1994` and you can
specify port ranges, for example `1990-1994`.
@return [Array<Types::PortRange>]

@!attribute [rw] destination_ports

The destination ports to inspect for. If not specified, this matches
with any destination port. This setting is only used for protocols 6
(TCP) and 17 (UDP).

You can specify individual ports, for example `1994` and you can
specify port ranges, for example `1990-1994`.
@return [Array<Types::PortRange>]

@!attribute [rw] protocols

The protocols to inspect for, specified using each protocol's
assigned internet protocol number (IANA). If not specified, this
matches with any protocol.
@return [Array<Integer>]

@!attribute [rw] tcp_flags

The TCP flags and masks to inspect for. If not specified, this
matches with any settings. This setting is only used for protocol 6
(TCP).
@return [Array<Types::TCPFlagField>]

@see docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/MatchAttributes AWS API Documentation

Constants

SENSITIVE