class Aws::NetworkFirewall::Types::MatchAttributes
Criteria for Network Firewall
to use to inspect an individual packet in stateless rule inspection. Each match attributes set can include one or more items such as IP address, CIDR range, port number, protocol, and TCP flags.
@note When making an API call, you may pass MatchAttributes
data as a hash: { sources: [ { address_definition: "AddressDefinition", # required }, ], destinations: [ { address_definition: "AddressDefinition", # required }, ], source_ports: [ { from_port: 1, # required to_port: 1, # required }, ], destination_ports: [ { from_port: 1, # required to_port: 1, # required }, ], protocols: [1], tcp_flags: [ { flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR }, ], }
@!attribute [rw] sources
The source IP addresses and address ranges to inspect for, in CIDR notation. If not specified, this matches with any source address. @return [Array<Types::Address>]
@!attribute [rw] destinations
The destination IP addresses and address ranges to inspect for, in CIDR notation. If not specified, this matches with any destination address. @return [Array<Types::Address>]
@!attribute [rw] source_ports
The source ports to inspect for. If not specified, this matches with any source port. This setting is only used for protocols 6 (TCP) and 17 (UDP). You can specify individual ports, for example `1994` and you can specify port ranges, for example `1990-1994`. @return [Array<Types::PortRange>]
@!attribute [rw] destination_ports
The destination ports to inspect for. If not specified, this matches with any destination port. This setting is only used for protocols 6 (TCP) and 17 (UDP). You can specify individual ports, for example `1994` and you can specify port ranges, for example `1990-1994`. @return [Array<Types::PortRange>]
@!attribute [rw] protocols
The protocols to inspect for, specified using each protocol's assigned internet protocol number (IANA). If not specified, this matches with any protocol. @return [Array<Integer>]
@!attribute [rw] tcp_flags
The TCP flags and masks to inspect for. If not specified, this matches with any settings. This setting is only used for protocol 6 (TCP). @return [Array<Types::TCPFlagField>]
@see docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/MatchAttributes AWS API Documentation
Constants
- SENSITIVE