You are viewing documentation for version 2 of the AWS SDK for Ruby. Version 3 documentation can be found here.
Class: Aws::NetworkFirewall::Types::RulesSource
- Inherits: Struct
  - Object
    - Struct
      - Aws::NetworkFirewall::Types::RulesSource
- Defined in: (unknown)
Overview
When passing RulesSource as input to an Aws::Client method, you can use a vanilla Hash:
{
  rules_string: "RulesString",
  rules_source_list: {
    targets: ["CollectionMember_String"], # required
    target_types: ["TLS_SNI"], # required, accepts TLS_SNI, HTTP_HOST
    generated_rules_type: "ALLOWLIST", # required, accepts ALLOWLIST, DENYLIST
  },
  stateful_rules: [
    {
      action: "PASS", # required, accepts PASS, DROP, ALERT
      header: { # required
        protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
        source: "Source", # required
        source_port: "Port", # required
        direction: "FORWARD", # required, accepts FORWARD, ANY
        destination: "Destination", # required
        destination_port: "Port", # required
      },
      rule_options: [ # required
        {
          keyword: "Keyword", # required
          settings: ["Setting"],
        },
      ],
    },
  ],
  stateless_rules_and_custom_actions: {
    stateless_rules: [ # required
      {
        rule_definition: { # required
          match_attributes: { # required
            sources: [
              {
                address_definition: "AddressDefinition", # required
              },
            ],
            destinations: [
              {
                address_definition: "AddressDefinition", # required
              },
            ],
            source_ports: [
              {
                from_port: 1, # required
                to_port: 1, # required
              },
            ],
            destination_ports: [
              {
                from_port: 1, # required
                to_port: 1, # required
              },
            ],
            protocols: [1],
            tcp_flags: [
              {
                flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
                masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
              },
            ],
          },
          actions: ["CollectionMember_String"], # required
        },
        priority: 1, # required
      },
    ],
    custom_actions: [
      {
        action_name: "ActionName", # required
        action_definition: { # required
          publish_metric_action: {
            dimensions: [ # required
              {
                value: "DimensionValue", # required
              },
            ],
          },
        },
      },
    ],
  },
}
The stateless or stateful rules definitions for use in a single rule group. Each rule group requires a single RulesSource. You can use an instance of this for either stateless rules or stateful rules.
Instance Attribute Summary
- #rules_source_list ⇒ Types::RulesSourceList
  Stateful inspection criteria for a domain list rule group.
- #rules_string ⇒ String
  Stateful inspection criteria, provided in Suricata compatible intrusion prevention system (IPS) rules.
- #stateful_rules ⇒ Array<Types::StatefulRule>
  The 5-tuple stateful inspection criteria.
- #stateless_rules_and_custom_actions ⇒ Types::StatelessRulesAndCustomActions
  Stateless inspection criteria to be used in a stateless rule group.
Instance Attribute Details
#rules_source_list ⇒ Types::RulesSourceList
Stateful inspection criteria for a domain list rule group.
#rules_string ⇒ String
Stateful inspection criteria, provided in Suricata compatible intrusion prevention system (IPS) rules. Suricata is an open-source network IPS that includes a standard rule-based language for network traffic inspection.
These rules contain the inspection criteria and the action to take for traffic that matches the criteria, so this type of rule group doesn't have a separate action setting.
You can provide the rules from a file that you've stored in an Amazon S3 bucket, or by providing the rules in a Suricata rules string. To import from Amazon S3, provide the fully qualified name of the file that contains the rules definitions. To provide a Suricata rule string, provide the complete, Suricata compatible rule.
#stateful_rules ⇒ Array<Types::StatefulRule>
The 5-tuple stateful inspection criteria. This contains an array of individual 5-tuple stateful rules to be used together in a stateful rule group.
#stateless_rules_and_custom_actions ⇒ Types::StatelessRulesAndCustomActions
Stateless inspection criteria to be used in a stateless rule group.
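An offline lint for the hash shape documented above, as an added example that is not part of the AWS SDK or its documentation: it checks a RulesSource hash against the required keys and accepted values listed on this page before the hash is passed to a client call. The function name, error strings and sample inputs are constructed, and rejecting a hash that mixes stateless and stateful members is an assumption drawn from the description above.

```ruby
# Added example, not part of the AWS SDK: offline lint for a RulesSource hash.
# Accepted values and required keys are copied from the hash shape on this page.
STATEFUL_KEYS = %i[rules_string rules_source_list stateful_rules].freeze
TARGET_TYPES  = %w[TLS_SNI HTTP_HOST].freeze
LIST_TYPES    = %w[ALLOWLIST DENYLIST].freeze
ACTIONS       = %w[PASS DROP ALERT].freeze
DIRECTIONS    = %w[FORWARD ANY].freeze
HEADER_KEYS   = %i[protocol source source_port direction destination destination_port].freeze

# Returns an array of problem strings; an empty array means no problem was found.
def rules_source_errors(rs)
  errors = []
  stateful = STATEFUL_KEYS.select { |k| rs.key?(k) }
  stateless = rs.key?(:stateless_rules_and_custom_actions)
  errors << "no rules member set" if stateful.empty? && !stateless
  # Assumption: one RulesSource is either stateless or stateful, never both.
  errors << "stateless and stateful members mixed" if stateless && stateful.any?

  if (list = rs[:rules_source_list])
    types = Array(list[:target_types])
    errors << "rules_source_list: targets missing" if Array(list[:targets]).empty?
    errors << "rules_source_list: bad target_types" if types.empty? || (types - TARGET_TYPES).any?
    errors << "rules_source_list: bad generated_rules_type" unless LIST_TYPES.include?(list[:generated_rules_type])
  end

  Array(rs[:stateful_rules]).each_with_index do |rule, i|
    header = rule[:header] || {}
    missing = HEADER_KEYS.reject { |k| header.key?(k) }
    errors << "stateful_rules[#{i}]: bad action" unless ACTIONS.include?(rule[:action])
    errors << "stateful_rules[#{i}]: header missing #{missing.join(', ')}" if missing.any?
    if header.key?(:direction) && !DIRECTIONS.include?(header[:direction])
      errors << "stateful_rules[#{i}]: bad direction"
    end
    options = Array(rule[:rule_options])
    if options.empty? || options.any? { |o| o[:keyword].to_s.empty? }
      errors << "stateful_rules[#{i}]: rule_options need a keyword"
    end
  end
  errors
end

# Constructed sample inputs (example.com is a placeholder domain).
GOOD = { rules_source_list: { targets: ["example.com"], target_types: %w[TLS_SNI HTTP_HOST],
                              generated_rules_type: "ALLOWLIST" } }.freeze
BAD = {
  stateful_rules: [{ action: "drop", rule_options: [],
                     header: { protocol: "TCP", source: "ANY", source_port: "ANY",
                               direction: "BOTH", destination: "ANY" } }],
  stateless_rules_and_custom_actions: { stateless_rules: [] }
}.freeze
puts rules_source_errors(BAD)
```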