You are viewing documentation for version 2 of the AWS SDK for Ruby. Version 3 documentation can be found here.
Class: Aws::NetworkFirewall::Types::MatchAttributes
- Inherits:
-
Struct
- Object
- Struct
- Aws::NetworkFirewall::Types::MatchAttributes
- Defined in:
- (unknown)
Overview
When passing MatchAttributes as input to an Aws::Client method, you can use a vanilla Hash:
{
sources: [
{
address_definition: "AddressDefinition", # required
},
],
destinations: [
{
address_definition: "AddressDefinition", # required
},
],
source_ports: [
{
from_port: 1, # required
to_port: 1, # required
},
],
destination_ports: [
{
from_port: 1, # required
to_port: 1, # required
},
],
protocols: [1],
tcp_flags: [
{
flags: ["FIN"], # required, accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
masks: ["FIN"], # accepts FIN, SYN, RST, PSH, ACK, URG, ECE, CWR
},
],
}
Criteria for Network Firewall to use to inspect an individual packet in stateless rule inspection. Each match attributes set can include one or more items such as IP address, CIDR range, port number, protocol, and TCP flags.
Returned by:
Instance Attribute Summary collapse
-
#destination_ports ⇒ Array<Types::PortRange>
The destination ports to inspect for.
-
#destinations ⇒ Array<Types::Address>
The destination IP addresses and address ranges to inspect for, in CIDR notation.
-
#protocols ⇒ Array<Integer>
The protocols to inspect for, specified using each protocol\'s assigned internet protocol number (IANA).
-
#source_ports ⇒ Array<Types::PortRange>
The source ports to inspect for.
-
#sources ⇒ Array<Types::Address>
The source IP addresses and address ranges to inspect for, in CIDR notation.
-
#tcp_flags ⇒ Array<Types::TCPFlagField>
The TCP flags and masks to inspect for.
Instance Attribute Details
#destination_ports ⇒ Array<Types::PortRange>
The destination ports to inspect for. If not specified, this matches with any destination port. This setting is only used for protocols 6 (TCP) and 17 (UDP).
You can specify individual ports, for example 1994
and you can specify
port ranges, for example 1990-1994
.
#destinations ⇒ Array<Types::Address>
The destination IP addresses and address ranges to inspect for, in CIDR notation. If not specified, this matches with any destination address.
#protocols ⇒ Array<Integer>
The protocols to inspect for, specified using each protocol\'s assigned internet protocol number (IANA). If not specified, this matches with any protocol.
#source_ports ⇒ Array<Types::PortRange>
The source ports to inspect for. If not specified, this matches with any source port. This setting is only used for protocols 6 (TCP) and 17 (UDP).
You can specify individual ports, for example 1994
and you can specify
port ranges, for example 1990-1994
.
#sources ⇒ Array<Types::Address>
The source IP addresses and address ranges to inspect for, in CIDR notation. If not specified, this matches with any source address.
#tcp_flags ⇒ Array<Types::TCPFlagField>
The TCP flags and masks to inspect for. If not specified, this matches with any settings. This setting is only used for protocol 6 (TCP).