You are viewing documentation for version 2 of the AWS SDK for Ruby. Version 3 documentation can be found here.
Class: Aws::NetworkFirewall::Types::FirewallPolicy
- Inherits:
-
Struct
- Object
- Struct
- Aws::NetworkFirewall::Types::FirewallPolicy
- Defined in:
- (unknown)
Overview
When passing FirewallPolicy as input to an Aws::Client method, you can use a vanilla Hash:
{
stateless_rule_group_references: [
{
resource_arn: "ResourceArn", # required
priority: 1, # required
},
],
stateless_default_actions: ["CollectionMember_String"], # required
stateless_fragment_default_actions: ["CollectionMember_String"], # required
stateless_custom_actions: [
{
action_name: "ActionName", # required
action_definition: { # required
publish_metric_action: {
dimensions: [ # required
{
value: "DimensionValue", # required
},
],
},
},
},
],
stateful_rule_group_references: [
{
resource_arn: "ResourceArn", # required
},
],
}
The firewall policy defines the behavior of a firewall using a collection of stateless and stateful rule groups and other settings. You can use one firewall policy for multiple firewalls.
This, along with FirewallPolicyResponse, define the policy. You can retrieve all objects for a firewall policy by calling DescribeFirewallPolicy.
Returned by:
Instance Attribute Summary collapse
-
#stateful_rule_group_references ⇒ Array<Types::StatefulRuleGroupReference>
References to the stateless rule groups that are used in the policy.
-
#stateless_custom_actions ⇒ Array<Types::CustomAction>
The custom action definitions that are available for use in the firewall policy\'s
StatelessDefaultActions
setting. -
#stateless_default_actions ⇒ Array<String>
The actions to take on a packet if it doesn\'t match any of the stateless rules in the policy.
-
#stateless_fragment_default_actions ⇒ Array<String>
The actions to take on a fragmented packet if it doesn\'t match any of the stateless rules in the policy.
-
#stateless_rule_group_references ⇒ Array<Types::StatelessRuleGroupReference>
References to the stateless rule groups that are used in the policy.
Instance Attribute Details
#stateful_rule_group_references ⇒ Array<Types::StatefulRuleGroupReference>
References to the stateless rule groups that are used in the policy. These define the inspection criteria in stateful rules.
#stateless_custom_actions ⇒ Array<Types::CustomAction>
The custom action definitions that are available for use in the firewall
policy\'s StatelessDefaultActions
setting. You name each custom action
that you define, and then you can use it by name in your default actions
specifications.
#stateless_default_actions ⇒ Array<String>
The actions to take on a packet if it doesn\'t match any of the
stateless rules in the policy. If you want non-matching packets to be
forwarded for stateful inspection, specify aws:forward_to_sfe
.
You must specify one of the standard actions: aws:pass
, aws:drop
, or
aws:forward_to_sfe
. In addition, you can specify custom actions that
are compatible with your standard section choice.
For example, you could specify ["aws:pass"]
or you could specify
["aws:pass", “customActionName”]
. For information about compatibility,
see the custom action descriptions under CustomAction.
#stateless_fragment_default_actions ⇒ Array<String>
The actions to take on a fragmented packet if it doesn\'t match any of
the stateless rules in the policy. If you want non-matching fragmented
packets to be forwarded for stateful inspection, specify
aws:forward_to_sfe
.
You must specify one of the standard actions: aws:pass
, aws:drop
, or
aws:forward_to_sfe
. In addition, you can specify custom actions that
are compatible with your standard section choice.
For example, you could specify ["aws:pass"]
or you could specify
["aws:pass", “customActionName”]
. For information about compatibility,
see the custom action descriptions under CustomAction.
#stateless_rule_group_references ⇒ Array<Types::StatelessRuleGroupReference>
References to the stateless rule groups that are used in the policy. These define the matching criteria in stateless rules.