class Aws::NetworkFirewall::Types::RulesSource
The stateless or stateful rules definitions for use in a single rule group. Each rule group requires a single `RulesSource`. You can use an instance of this for either stateless rules or stateful rules.
@note When making an API call, you may pass RulesSource
  data as a hash:

      {
        rules_string: "RulesString",
        rules_source_list: {
          targets: ["CollectionMember_String"], # required
          target_types: ["TLS_SNI"], # required, accepts TLS_SNI, HTTP_HOST
          generated_rules_type: "ALLOWLIST", # required, accepts ALLOWLIST, DENYLIST
        },
        stateful_rules: [
          {
            action: "PASS", # required, accepts PASS, DROP, ALERT
            header: { # required
              protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
              source: "Source", # required
              source_port: "Port", # required
              direction: "FORWARD", # required, accepts FORWARD, ANY
              destination: "Destination", # required
              destination_port: "Port", # required
            },
            rule_options: [ # required
              {
                keyword: "Keyword", # required
                settings: ["Setting"],
              },
            ],
          },
        ],
        stateless_rules_and_custom_actions: {
          stateless_rules: [ # required
            {
              rule_definition: { # required
                match_attributes: { # required
                  sources: [
                    {
                      address_definition: "AddressDefinition", # required
                    },
                  ],
                  destinations: [
                    {
                      address_definition: "AddressDefinition", # required
                    },
                  ],
                  source_ports: [
                    {
                      from_port: 1, # required
                      to_port: 1, # required
                    },
                  ],
                  destination_ports: [
                    {
                      from_port: 1, # required
                      to_port: 1, # required
                    },
                  ],
                  protocols: [1],
                  tcp_flags: [
                    {
                      flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
                      masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
                    },
                  ],
                },
                actions: ["CollectionMember_String"], # required
              },
              priority: 1, # required
            },
          ],
          custom_actions: [
            {
              action_name: "ActionName", # required
              action_definition: { # required
                publish_metric_action: {
                  dimensions: [ # required
                    {
                      value: "DimensionValue", # required
                    },
                  ],
                },
              },
            },
          ],
        },
      }
@!attribute [rw] rules_string
  Stateful inspection criteria, provided in Suricata-compatible intrusion prevention system (IPS) rules. Suricata is an open-source network IPS that includes a standard rule-based language for network traffic inspection. These rules contain both the inspection criteria and the action to take for traffic that matches the criteria, so this type of rule group doesn't have a separate action setting.
  @return [String]
@!attribute [rw] rules_source_list
  Stateful inspection criteria for a domain list rule group.
  @return [Types::RulesSourceList]
@!attribute [rw] stateful_rules
  The 5-tuple stateful inspection criteria. This contains an array of individual 5-tuple stateful rules to be used together in a stateful rule group.
  @return [Array<Types::StatefulRule>]
@!attribute [rw] stateless_rules_and_custom_actions
  Stateless inspection criteria to be used in a stateless rule group.
  @return [Types::StatelessRulesAndCustomActions]
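The following is an added example, not code from the aws-sdk or from this class's documentation. It builds one `RulesSource` hash per rule-group style described above (Suricata `rules_string`, domain-list `rules_source_list`, 5-tuple `stateful_rules`, and `stateless_rules_and_custom_actions`) in the hash shape the SDK accepts, and runs a local pre-flight check before the hash would be handed to the API. The check mirrors the `# required` and `# accepts` annotations from the documented shape; the rule that exactly one of the four top-level fields is set is an assumption drawn from "either stateless rules or stateful rules", and the sample domains, CIDRs, Suricata rules and the `aws:drop` standard action are constructed for this example.

```ruby
# Added example: build RulesSource hashes and sanity-check them locally.
# Not part of aws-sdk-networkfirewall; values below are constructed samples.

TOP_LEVEL_KEYS   = %i[rules_string rules_source_list stateful_rules
                      stateless_rules_and_custom_actions].freeze
STATEFUL_ACTIONS = %w[PASS DROP ALERT].freeze           # from "accepts PASS, DROP, ALERT"
TARGET_TYPES     = %w[TLS_SNI HTTP_HOST].freeze         # from "accepts TLS_SNI, HTTP_HOST"
GENERATED_TYPES  = %w[ALLOWLIST DENYLIST].freeze        # from "accepts ALLOWLIST, DENYLIST"
HEADER_FIELDS    = %i[protocol source source_port direction
                      destination destination_port].freeze

# Constructed Suricata rules: block cleartext telnet, alert on it first.
SURICATA_RULES = <<~RULES
  alert tcp any any -> any 23 (msg:"Telnet attempt"; sid:1000001; rev:1;)
  drop tcp any any -> any 23 (msg:"Block cleartext telnet"; sid:1000002; rev:1;)
RULES

# rules_string: Suricata text carries its own action, so no action field here.
def suricata_rules_source(rules)
  { rules_string: rules }
end

# rules_source_list: domain-list rule group matched on TLS SNI and HTTP Host.
def domain_list_rules_source(domains, generated_rules_type: "DENYLIST")
  { rules_source_list: { targets: domains, target_types: TARGET_TYPES.dup,
                         generated_rules_type: generated_rules_type } }
end

# stateful_rules: one 5-tuple rule dropping forward telnet into 10.0.0.0/8 (constructed range).
def five_tuple_rules_source
  { stateful_rules: [{
      action: "DROP",
      header: { protocol: "TCP", source: "ANY", source_port: "ANY", direction: "FORWARD",
                destination: "10.0.0.0/8", destination_port: "23" },
      rule_options: [{ keyword: "sid", settings: ["1"] }] }] }
end

# stateless_rules_and_custom_actions: drop TCP/23 from anywhere at priority 1.
# "aws:drop" is a Network Firewall standard action (assumed known to the reader).
def stateless_rules_source
  { stateless_rules_and_custom_actions: { stateless_rules: [{
      priority: 1,
      rule_definition: {
        match_attributes: { sources: [{ address_definition: "0.0.0.0/0" }],
                            destination_ports: [{ from_port: 23, to_port: 23 }],
                            protocols: [6] },
        actions: ["aws:drop"] } }] } }
end

# Returns a list of problems (empty when the hash looks well-formed).
def validate_rules_source(src)
  errors  = []
  present = TOP_LEVEL_KEYS.select { |k| src.key?(k) }
  errors << "exactly one rules source field must be set, got #{present.inspect}" unless present.size == 1

  if (list = src[:rules_source_list])
    errors << "rules_source_list.targets required" if Array(list[:targets]).empty?
    bad = Array(list[:target_types]) - TARGET_TYPES
    errors << "unknown target_types #{bad.inspect}" unless bad.empty?
    errors << "generated_rules_type must be one of #{GENERATED_TYPES.inspect}" \
      unless GENERATED_TYPES.include?(list[:generated_rules_type])
  end

  Array(src[:stateful_rules]).each_with_index do |rule, i|
    errors << "stateful_rules[#{i}]: action must be one of #{STATEFUL_ACTIONS.inspect}" \
      unless STATEFUL_ACTIONS.include?(rule[:action])
    header = rule[:header] || {}
    HEADER_FIELDS.each { |k| errors << "stateful_rules[#{i}]: header.#{k} required" unless header[k] }
    errors << "stateful_rules[#{i}]: rule_options required" if Array(rule[:rule_options]).empty?
  end

  if (sl = src[:stateless_rules_and_custom_actions])
    Array(sl[:stateless_rules]).each_with_index do |r, i|
      errors << "stateless_rules[#{i}]: integer priority required" unless r[:priority].is_a?(Integer)
      errors << "stateless_rules[#{i}]: actions required" if Array(r.dig(:rule_definition, :actions)).empty?
    end
  end
  errors
end

if __FILE__ == $PROGRAM_NAME
  [suricata_rules_source(SURICATA_RULES), domain_list_rules_source(["example.com"]),
   five_tuple_rules_source, stateless_rules_source].each do |src|
    puts "#{src.keys.first}: #{validate_rules_source(src).empty? ? 'ok' : validate_rules_source(src)}"
  end
end
```

Each builder returns a plain hash, which is exactly what the SDK's `@note` says you may pass; the validator only catches shape mistakes that would otherwise surface as a rejected API call, it does not replace server-side validation of CIDRs, ports or Suricata syntax.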
@see docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/RulesSource AWS API Documentation
Constants
- SENSITIVE