class Aws::NetworkFirewall::Types::StatefulRule

A single 5-tuple stateful rule, for use in a stateful rule group.

@note When making an API call, you may pass StatefulRule

data as a hash:

    {
      action: "PASS", # required, accepts PASS, DROP, ALERT
      header: { # required
        protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
        source: "Source", # required
        source_port: "Port", # required
        direction: "FORWARD", # required, accepts FORWARD, ANY
        destination: "Destination", # required
        destination_port: "Port", # required
      },
      rule_options: [ # required
        {
          keyword: "Keyword", # required
          settings: ["Setting"],
        },
      ],
    }

@!attribute [rw] action

Defines what Network Firewall should do with the packets in a
traffic flow when the flow matches the stateful rule criteria. For
all actions, Network Firewall performs the specified action and
discontinues stateful inspection of the traffic flow.

The actions for a stateful rule are defined as follows:

* **PASS** - Permits the packets to go to the intended destination.

* **DROP** - Blocks the packets from going to the intended
  destination and sends an alert log message, if alert logging is
  configured in the Firewall LoggingConfiguration.

* **ALERT** - Permits the packets to go to the intended destination
  and sends an alert log message, if alert logging is configured in
  the Firewall LoggingConfiguration.

  You can use this action to test a rule that you intend to use to
  drop traffic. You can enable the rule with `ALERT` action, verify
  in the logs that the rule is filtering as you want, then change
  the action to `DROP`.
@return [String]

@!attribute [rw] header

The stateful 5-tuple inspection criteria for this rule, used to
inspect traffic flows.
@return [Types::Header]

@!attribute [rw] rule_options

@return [Array<Types::RuleOption>]

@see docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulRule AWS API Documentation

Constants

SENSITIVE