class Aws::NetworkFirewall::Types::RulesSource

The stateless or stateful rules definitions for use in a single rule group. Each rule group requires a single `RulesSource`. You can use an instance of this for either stateless rules or stateful rules.

@note When making an API call, you may pass RulesSource data as a hash:

    {
      rules_string: "RulesString",
      rules_source_list: {
        targets: ["CollectionMember_String"], # required
        target_types: ["TLS_SNI"], # required, accepts TLS_SNI, HTTP_HOST
        generated_rules_type: "ALLOWLIST", # required, accepts ALLOWLIST, DENYLIST
      },
      stateful_rules: [
        {
          action: "PASS", # required, accepts PASS, DROP, ALERT
          header: { # required
            protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
            source: "Source", # required
            source_port: "Port", # required
            direction: "FORWARD", # required, accepts FORWARD, ANY
            destination: "Destination", # required
            destination_port: "Port", # required
          },
          rule_options: [ # required
            {
              keyword: "Keyword", # required
              settings: ["Setting"],
            },
          ],
        },
      ],
      stateless_rules_and_custom_actions: {
        stateless_rules: [ # required
          {
            rule_definition: { # required
              match_attributes: { # required
                sources: [
                  {
                    address_definition: "AddressDefinition", # required
                  },
                ],
                destinations: [
                  {
                    address_definition: "AddressDefinition", # required
                  },
                ],
                source_ports: [
                  {
                    from_port: 1, # required
                    to_port: 1, # required
                  },
                ],
                destination_ports: [
                  {
                    from_port: 1, # required
                    to_port: 1, # required
                  },
                ],
                protocols: [1],
                tcp_flags: [
                  {
                    flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
                    masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
                  },
                ],
              },
              actions: ["CollectionMember_String"], # required
            },
            priority: 1, # required
          },
        ],
        custom_actions: [
          {
            action_name: "ActionName", # required
            action_definition: { # required
              publish_metric_action: {
                dimensions: [ # required
                  {
                    value: "DimensionValue", # required
                  },
                ],
              },
            },
          },
        ],
      },
    }

@!attribute [rw] rules_string

Stateful inspection criteria, provided in Suricata compatible
intrusion prevention system (IPS) rules. Suricata is an open-source
network IPS that includes a standard rule-based language for network
traffic inspection.

These rules contain the inspection criteria and the action to take
for traffic that matches the criteria, so this type of rule group
doesn't have a separate action setting.
@return [String]

@!attribute [rw] rules_source_list

Stateful inspection criteria for a domain list rule group.
@return [Types::RulesSourceList]

@!attribute [rw] stateful_rules

The 5-tuple stateful inspection criteria. This contains an array of
individual 5-tuple stateful rules to be used together in a stateful
rule group.
@return [Array<Types::StatefulRule>]

@!attribute [rw] stateless_rules_and_custom_actions

Stateless inspection criteria to be used in a stateless rule group.
@return [Types::StatelessRulesAndCustomActions]

@see docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/RulesSource AWS API Documentation
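
An offline pre-flight check for a `RulesSource` hash, as an added example that is not part of the AWS SDK or its documentation. The accepted values come from the hash skeleton above; `lint_rules_source`, its `group_type` parameter, and the rule that exactly one member is populated per rule group are assumptions made for this example.

```ruby
# Added example: offline lint of a RulesSource hash before it is sent to the API.
# Accepted values below are copied from the hash skeleton on this page.
STATEFUL_MEMBERS = %i[rules_string rules_source_list stateful_rules].freeze
STATELESS_MEMBER = :stateless_rules_and_custom_actions
TARGET_TYPES     = %w[TLS_SNI HTTP_HOST].freeze
GENERATED_TYPES  = %w[ALLOWLIST DENYLIST].freeze
STATEFUL_ACTIONS = %w[PASS DROP ALERT].freeze
DIRECTIONS       = %w[FORWARD ANY].freeze
HEADER_KEYS = %i[protocol source source_port direction destination destination_port].freeze

# Hypothetical helper. group_type ("STATEFUL" or "STATELESS") is an assumed
# parameter for the rule group's type. Returns an array of problem strings.
def lint_rules_source(group_type, rs)
  errs = []
  set = rs.reject { |_, v| v.nil? || (v.respond_to?(:empty?) && v.empty?) }.keys
  allowed = group_type == "STATELESS" ? [STATELESS_MEMBER] : STATEFUL_MEMBERS
  (set - allowed).each { |k| errs << "#{k} does not belong in a #{group_type} rule group" }
  # Assumption: exactly one member is populated per rule group.
  errs << "expected exactly one populated member, got #{set.size}" unless set.size == 1

  if (list = rs[:rules_source_list])
    errs << "rules_source_list.targets is required" if Array(list[:targets]).empty?
    types = Array(list[:target_types])
    errs << "rules_source_list.target_types is required" if types.empty?
    errs << "unknown target_types: #{(types - TARGET_TYPES).join(', ')}" unless (types - TARGET_TYPES).empty?
    unless GENERATED_TYPES.include?(list[:generated_rules_type])
      errs << "generated_rules_type must be ALLOWLIST or DENYLIST"
    end
  end

  Array(rs[:stateful_rules]).each_with_index do |rule, i|
    at = "stateful_rules[#{i}]"
    errs << "#{at}.action must be PASS, DROP or ALERT" unless STATEFUL_ACTIONS.include?(rule[:action])
    header = rule[:header] || {}
    missing = HEADER_KEYS.reject { |k| header[k] }
    errs << "#{at}.header is missing #{missing.join(', ')}" unless missing.empty?
    errs << "#{at}.header.direction must be FORWARD or ANY" if header[:direction] && !DIRECTIONS.include?(header[:direction])
    errs << "#{at}.rule_options is required" if rule[:rule_options].nil?
  end
  errs
end

# Constructed sample inputs (not from the AWS documentation).
ALLOWLIST_OK = { rules_source_list: { targets: [".example.com"],
                                      target_types: %w[TLS_SNI HTTP_HOST],
                                      generated_rules_type: "ALLOWLIST" } }.freeze
MIXED_BAD = { rules_string: "pass tls any any -> any any (sid:1;)",
              stateful_rules: [{ action: "ALLOW",
                                 header: { protocol: "TCP", direction: "FORWARD" } }] }.freeze
```

Running the check in CI against rule group definitions catches a domain list placed in a stateless group, or an action value the API would reject, before the firewall policy changes.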

Constants

SENSITIVE