class Aws::NetworkFirewall::Types::Header

The 5-tuple criteria for AWS Network Firewall to use to inspect packet headers in stateful traffic flow inspection. Traffic flows that match the criteria are a match for the corresponding StatefulRule.

@note When making an API call, you may pass Header data as a hash:

    {
      protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
      source: "Source", # required
      source_port: "Port", # required
      direction: "FORWARD", # required, accepts FORWARD, ANY
      destination: "Destination", # required
      destination_port: "Port", # required
    }

@!attribute [rw] protocol

The protocol to inspect for. To match all protocols, specify `IP`,
because all traffic on AWS and on the internet is IP.
@return [String]

@!attribute [rw] source

The source IP address or address range to inspect for, in CIDR
notation. To match with any address, specify `ANY`.

Specify an IP address or a block of IP addresses in Classless
Inter-Domain Routing (CIDR) notation. Network Firewall supports all
address ranges for IPv4.

Examples:

* To configure Network Firewall to inspect for the IP address
  192.0.2.44, specify `192.0.2.44/32`.

* To configure Network Firewall to inspect for IP addresses from
  192.0.2.0 to 192.0.2.255, specify `192.0.2.0/24`.

For more information about CIDR notation, see the Wikipedia entry
[Classless Inter-Domain Routing][1].

[1]: https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
@return [String]

@!attribute [rw] source_port

The source port to inspect for. You can specify an individual port,
for example `1994`, or a port range, for example `1990-1994`. To
match with any port, specify `ANY`.
@return [String]

@!attribute [rw] direction

The direction of traffic flow to inspect. If set to `ANY`, the
inspection matches bidirectional traffic, both from the source to
the destination and from the destination to the source. If set to
`FORWARD`, the inspection only matches traffic going from the source
to the destination.
@return [String]

@!attribute [rw] destination

The destination IP address or address range to inspect for, in CIDR
notation. To match with any address, specify `ANY`.

Specify an IP address or a block of IP addresses in Classless
Inter-Domain Routing (CIDR) notation. Network Firewall supports all
address ranges for IPv4.

Examples:

* To configure Network Firewall to inspect for the IP address
  192.0.2.44, specify `192.0.2.44/32`.

* To configure Network Firewall to inspect for IP addresses from
  192.0.2.0 to 192.0.2.255, specify `192.0.2.0/24`.

For more information about CIDR notation, see the Wikipedia entry
[Classless Inter-Domain Routing][1].

[1]: https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
@return [String]

@!attribute [rw] destination_port

The destination port to inspect for. You can specify an individual
port, for example `1994`, or a port range, for example `1990-1994`.
To match with any port, specify `ANY`.
@return [String]

@see docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/Header AWS API Documentation
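
A mistyped CIDR block, port range or direction changes which flows a stateful rule inspects, so the value forms described above are worth checking before a rule is submitted. The following is an added example, not part of the AWS SDK: `lint_header`, `valid_address?`, `valid_port?` and the sample hash are hypothetical, and it checks only the forms this page documents (the 0-65535 port bound and the mandatory prefix length are assumptions).

```ruby
require "ipaddr"

# Added example (not SDK code): lint a Header hash against the value forms
# this page documents. All helper names are hypothetical.
PROTOCOLS = %w[IP TCP UDP ICMP HTTP FTP TLS SMB DNS DCERPC SSH SMTP IMAP MSN
               KRB5 IKEV2 TFTP NTP DHCP].freeze
DIRECTIONS = %w[FORWARD ANY].freeze
ADDRESS_KEYS = %i[source destination].freeze
PORT_KEYS = %i[source_port destination_port].freeze
REQUIRED = (%i[protocol direction] + ADDRESS_KEYS + PORT_KEYS).freeze

# "ANY", or an IPv4 block with an explicit prefix length as in the page's examples.
def valid_address?(value)
  return true if value == "ANY"
  m = %r{\A(\d{1,3}(?:\.\d{1,3}){3})/(\d{1,2})\z}.match(value)
  return false unless m && m[2].to_i <= 32
  IPAddr.new(m[1]).ipv4? # raises on out-of-range octets
rescue IPAddr::Error
  false
end

# "ANY", a single port, or an ascending "low-high" range (assumed bound: 65535).
def valid_port?(value)
  return true if value == "ANY"
  m = /\A(\d{1,5})(?:-(\d{1,5}))?\z/.match(value)
  return false unless m
  low = m[1].to_i
  high = (m[2] || m[1]).to_i
  low <= high && high <= 65_535
end

# Returns { key => problem } for every field that fails a documented form.
def lint_header(header)
  problems = {}
  REQUIRED.each { |k| problems[k] = "missing or not a String" unless header[k].is_a?(String) }
  return problems unless problems.empty?
  problems[:protocol] = "unknown protocol" unless PROTOCOLS.include?(header[:protocol])
  problems[:direction] = "must be FORWARD or ANY" unless DIRECTIONS.include?(header[:direction])
  ADDRESS_KEYS.each { |k| problems[k] = "not ANY or an IPv4 CIDR block" unless valid_address?(header[k]) }
  PORT_KEYS.each { |k| problems[k] = "not ANY, a port, or a low-high range" unless valid_port?(header[k]) }
  problems
end

# Constructed sample: FORWARD-only TLS inspection from one subnet to one host.
SAMPLE = { protocol: "TLS", source: "192.0.2.0/24", source_port: "ANY",
           direction: "FORWARD", destination: "198.51.100.7/32",
           destination_port: "443" }.freeze
puts lint_header(SAMPLE).inspect
```
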

Constants

SENSITIVE