You are viewing documentation for version 2 of the AWS SDK for Ruby. Version 3 documentation can be found here.
Class: Aws::NetworkFirewall::Types::Header
- Inherits: Struct
  - Object
  - Struct
  - Aws::NetworkFirewall::Types::Header
- Defined in: (unknown)
Overview
When passing Header as input to an Aws::Client method, you can use a vanilla Hash:
{
  protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
  source: "Source", # required
  source_port: "Port", # required
  direction: "FORWARD", # required, accepts FORWARD, ANY
  destination: "Destination", # required
  destination_port: "Port", # required
}
The 5-tuple criteria for AWS Network Firewall to use to inspect packet headers in stateful traffic flow inspection. Traffic flows that match the criteria are a match for the corresponding StatefulRule.
Instance Attribute Summary
- #destination ⇒ String
  The destination IP address or address range to inspect for, in CIDR notation.
- #destination_port ⇒ String
  The destination port to inspect for.
- #direction ⇒ String
  The direction of traffic flow to inspect.
- #protocol ⇒ String
  The protocol to inspect for.
- #source ⇒ String
  The source IP address or address range to inspect for, in CIDR notation.
- #source_port ⇒ String
  The source port to inspect for.
Instance Attribute Details
#destination ⇒ String
The destination IP address or address range to inspect for, in CIDR notation. To match with any address, specify ANY.
Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4.
Examples:
- To configure Network Firewall to inspect for the IP address 192.0.2.44, specify 192.0.2.44/32.
- To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.
For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.
#destination_port ⇒ String
The destination port to inspect for. You can specify an individual port, for example 1994, or a port range, for example 1990-1994. To match with any port, specify ANY.
#direction ⇒ String
The direction of traffic flow to inspect. If set to ANY, the inspection matches bidirectional traffic, both from the source to the destination and from the destination to the source. If set to FORWARD, the inspection only matches traffic going from the source to the destination.
Possible values:
- FORWARD
- ANY
#protocol ⇒ String
The protocol to inspect for. To match with any protocol, specify ANY.
Possible values:
- IP
- TCP
- UDP
- ICMP
- HTTP
- FTP
- TLS
- SMB
- DNS
- DCERPC
- SSH
- SMTP
- IMAP
- MSN
- KRB5
- IKEV2
- TFTP
- NTP
- DHCP
#source ⇒ String
The source IP address or address range to inspect for, in CIDR notation. To match with any address, specify ANY.
Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4.
Examples:
- To configure Network Firewall to inspect for the IP address 192.0.2.44, specify 192.0.2.44/32.
- To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.
For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.
#source_port ⇒ String
The source port to inspect for. You can specify an individual port, for example 1994, or a port range, for example 1990-1994. To match with any port, specify ANY.
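A pre-flight check for a Header hash, added here as an example (it is not part of the AWS SDK or its documentation): it validates each field against the formats described above and flags a header whose addresses and ports are all ANY. The method names, the SAMPLE hash and the 0..65535 port bound are assumptions of this example.

```ruby
# Accepted values copied from the "accepts" comments on this page.
PROTOCOLS = %w[IP TCP UDP ICMP HTTP FTP TLS SMB DNS DCERPC SSH SMTP IMAP MSN
               KRB5 IKEV2 TFTP NTP DHCP].freeze
DIRECTIONS = %w[FORWARD ANY].freeze
REQUIRED = %i[protocol source source_port direction
              destination destination_port].freeze

# "ANY", or an IPv4 address or block in CIDR notation (prefix length required).
def valid_address?(value)
  return true if value == "ANY"
  m = %r{\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})/(\d{1,2})\z}.match(value.to_s)
  !m.nil? && m.captures.first(4).all? { |o| o.to_i <= 255 } && m[5].to_i <= 32
end

# "ANY", a single port, or a low-high range such as 1990-1994.
# Assumption: ports are limited to 0..65535 (not stated on the page).
def valid_port?(value)
  return true if value == "ANY"
  m = /\A(\d{1,5})(?:-(\d{1,5}))?\z/.match(value.to_s)
  return false unless m
  low = m[1].to_i
  high = (m[2] || m[1]).to_i
  low <= high && high <= 65_535
end

# Returns a list of problems; an empty list means the hash is well formed.
def header_problems(header)
  missing = REQUIRED.reject { |k| header.key?(k) }
  return missing.map { |k| "missing #{k}" } unless missing.empty?
  problems = []
  problems << "protocol not accepted" unless PROTOCOLS.include?(header[:protocol])
  problems << "direction not accepted" unless DIRECTIONS.include?(header[:direction])
  %i[source destination].each do |k|
    problems << "#{k} must be ANY or IPv4 CIDR" unless valid_address?(header[k])
  end
  %i[source_port destination_port].each do |k|
    problems << "#{k} must be ANY, a port or a port range" unless valid_port?(header[k])
  end
  problems
end

# True when addresses and ports are all ANY, so the header matches every flow
# of its protocol; worth a second look before deploying.
def matches_everything?(header)
  %i[source source_port destination destination_port].all? { |k| header[k] == "ANY" }
end

# Constructed sample input.
SAMPLE = { protocol: "TCP", source: "192.0.2.0/24", source_port: "ANY",
           direction: "FORWARD", destination: "ANY", destination_port: "1990-1994" }.freeze
```

A bare address such as 192.0.2.44 is reported as a problem because the page asks for CIDR notation (192.0.2.44/32).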