
You are viewing documentation for version 2 of the AWS SDK for Ruby. Version 3 documentation can be found here.

Class: Aws::NetworkFirewall::Types::RulesSource

Inherits:
Struct
  • Object

Overview

Note:

When passing RulesSource as input to an Aws::Client method, you can use a vanilla Hash:

{
  rules_string: "RulesString",
  rules_source_list: {
    targets: ["CollectionMember_String"], # required
    target_types: ["TLS_SNI"], # required, accepts TLS_SNI, HTTP_HOST
    generated_rules_type: "ALLOWLIST", # required, accepts ALLOWLIST, DENYLIST
  },
  stateful_rules: [
    {
      action: "PASS", # required, accepts PASS, DROP, ALERT
      header: { # required
        protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
        source: "Source", # required
        source_port: "Port", # required
        direction: "FORWARD", # required, accepts FORWARD, ANY
        destination: "Destination", # required
        destination_port: "Port", # required
      },
      rule_options: [ # required
        {
          keyword: "Keyword", # required
          settings: ["Setting"],
        },
      ],
    },
  ],
  stateless_rules_and_custom_actions: {
    stateless_rules: [ # required
      {
        rule_definition: { # required
          match_attributes: { # required
            sources: [
              {
                address_definition: "AddressDefinition", # required
              },
            ],
            destinations: [
              {
                address_definition: "AddressDefinition", # required
              },
            ],
            source_ports: [
              {
                from_port: 1, # required
                to_port: 1, # required
              },
            ],
            destination_ports: [
              {
                from_port: 1, # required
                to_port: 1, # required
              },
            ],
            protocols: [1],
            tcp_flags: [
              {
                flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
                masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
              },
            ],
          },
          actions: ["CollectionMember_String"], # required
        },
        priority: 1, # required
      },
    ],
    custom_actions: [
      {
        action_name: "ActionName", # required
        action_definition: { # required
          publish_metric_action: {
            dimensions: [ # required
              {
                value: "DimensionValue", # required
              },
            ],
          },
        },
      },
    ],
  },
}

The stateless or stateful rules definitions for use in a single rule group. Each rule group requires a single RulesSource. You can use an instance of this for either stateless rules or stateful rules.
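A pre-flight check for a RulesSource hash, as an added example that is not part of the SDK or the original page: it applies the required fields and accepted values from the hash reference above before the hash is passed to a client method. The helper name `lint_rules_source`, the `group_type` argument ("STATEFUL" or "STATELESS"), the one-member-per-rule-group check, and the sample domain are assumptions.

```ruby
# Added example: pre-flight lint for a RulesSource hash (not SDK code).
# Enum values are the "accepts" lists from the hash reference above.
STATEFUL_MEMBERS = %i[rules_string rules_source_list stateful_rules].freeze
STATELESS_MEMBER = :stateless_rules_and_custom_actions
TARGET_TYPES     = %w[TLS_SNI HTTP_HOST].freeze
GENERATED_TYPES  = %w[ALLOWLIST DENYLIST].freeze
ACTIONS          = %w[PASS DROP ALERT].freeze
HEADER_KEYS      = %i[protocol source source_port direction destination destination_port].freeze

# Returns an array of problem strings; empty means the hash passed the lint.
# group_type (hypothetical argument) is "STATEFUL" or "STATELESS".
def lint_rules_source(src, group_type)
  errors = []
  set = (STATEFUL_MEMBERS + [STATELESS_MEMBER]).select { |k| src.key?(k) }
  # Assumption: one rule group carries exactly one kind of rule definition.
  errors << "expected exactly one member, got #{set.inspect}" unless set.size == 1
  if group_type == "STATELESS" && (set & STATEFUL_MEMBERS).any?
    errors << "stateful member in a STATELESS group"
  elsif group_type == "STATEFUL" && set.include?(STATELESS_MEMBER)
    errors << "stateless member in a STATEFUL group"
  end

  if (list = src[:rules_source_list])
    types = Array(list[:target_types])
    errors << "targets is empty" if Array(list[:targets]).empty?
    errors << "target_types missing or invalid" if types.empty? || (types - TARGET_TYPES).any?
    unless GENERATED_TYPES.include?(list[:generated_rules_type])
      errors << "generated_rules_type must be one of #{GENERATED_TYPES.join('/')}"
    end
  end

  Array(src[:stateful_rules]).each_with_index do |rule, i|
    errors << "stateful_rules[#{i}]: bad action #{rule[:action].inspect}" unless ACTIONS.include?(rule[:action])
    missing = HEADER_KEYS - (rule[:header] || {}).keys
    errors << "stateful_rules[#{i}]: header missing #{missing.inspect}" if missing.any?
    errors << "stateful_rules[#{i}]: rule_options is required" unless rule[:rule_options].is_a?(Array)
  end
  errors
end

# Constructed sample input: a domain allowlist intended for a stateful group.
ALLOWLIST = {
  rules_source_list: {
    targets: ["example.com"],
    target_types: %w[TLS_SNI HTTP_HOST],
    generated_rules_type: "ALLOWLIST",
  },
}.freeze
```

Running the lint in CI against rule-group definitions catches a misspelled `generated_rules_type` or a 5-tuple rule with an incomplete header before the change reaches the firewall.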

Instance Attribute Details

#rules_source_list ⇒ Types::RulesSourceList

Stateful inspection criteria for a domain list rule group.

Returns:

  • (Types::RulesSourceList)

    Stateful inspection criteria for a domain list rule group.

#rules_string ⇒ String

Stateful inspection criteria, provided in Suricata compatible intrusion prevention system (IPS) rules. Suricata is an open-source network IPS that includes a standard rule-based language for network traffic inspection.

These rules contain the inspection criteria and the action to take for traffic that matches the criteria, so this type of rule group doesn't have a separate action setting.

You can provide the rules from a file that you've stored in an Amazon S3 bucket, or by providing the rules in a Suricata rules string. To import from Amazon S3, provide the fully qualified name of the file that contains the rules definitions. To provide a Suricata rule string, provide the complete, Suricata compatible rule.

Returns:

  • (String)

    Stateful inspection criteria, provided in Suricata compatible intrusion prevention system (IPS) rules.

#stateful_rules ⇒ Array<Types::StatefulRule>

The 5-tuple stateful inspection criteria. This contains an array of individual 5-tuple stateful rules to be used together in a stateful rule group.

Returns:

  • (Array<Types::StatefulRule>)

    The 5-tuple stateful inspection criteria.

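#stateless_rules_and_custom_actions ⇒ Types::StatelessRulesAndCustomActions

Stateless inspection criteria to be used in a stateless rule group.

Returns:

  • (Types::StatelessRulesAndCustomActions)

    Stateless inspection criteria to be used in a stateless rule group.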