NetworkConfig / CentralNetworkServicesConfig / NfwConfig / NfwRuleGroupConfig / NfwRuleGroupRuleConfig / NfwRuleSourceConfig / NfwRuleSourceStatefulRuleConfig
Network Firewall stateful rule configuration.
Use this configuration to define stateful rules for Network Firewall in an IP packet header format. This header format can be used instead of Suricata-compatible rules to define your stateful firewall filtering behavior.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-statefulrule.html
- action: PASS
  header:
    source: 10.1.0.0/16
    sourcePort: ANY
    destination: 10.0.0.0/16
    destinationPort: ANY
    direction: FORWARD
    protocol: IP
  ruleOptions:
    - keyword: sid
      settings: ['100']
Readonly properties:
- action (NetworkConfigTypes.nfwStatefulRuleActionType): The action type for the stateful rule.
- header (NfwRuleSourceStatefulRuleHeaderConfig): A Network Firewall stateful rule header configuration.
- ruleOptions (NfwRuleSourceStatefulRuleOptionsConfig): An array of Network Firewall stateful rule options configurations.
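A rule in this header format can be reviewed by rendering it as the Suricata-style line it stands in for and checking the rule set for missing or duplicate sid values and allow-all PASS rules. The following TypeScript is an added example, not code from the project this page documents; the StatefulRule type, toSuricata and lintRules are hypothetical names, and joining multiple settings values with commas is an assumption.

```typescript
// Added example. Types are hypothetical and mirror the YAML keys on this page.
interface StatefulRule {
  action: string;
  header: { source: string; sourcePort: string; destination: string;
            destinationPort: string; direction: string; protocol: string };
  ruleOptions: { keyword: string; settings?: string[] }[];
}

const ARROW: Record<string, string> = { FORWARD: '->', ANY: '<>' };
const anyOr = (v: string): string => (v === 'ANY' ? 'any' : v);

// Render the header form as the Suricata-style line it stands in for.
// Assumption: multiple settings values are joined with commas.
function toSuricata(r: StatefulRule): string {
  const h = r.header;
  const arrow = ARROW[h.direction];
  if (!arrow) throw new Error(`unknown direction: ${h.direction}`);
  const opts = r.ruleOptions
    .map(o => (o.settings && o.settings.length ? `${o.keyword}:${o.settings.join(',')};` : `${o.keyword};`))
    .join(' ');
  return `${r.action.toLowerCase()} ${h.protocol.toLowerCase()} ${anyOr(h.source)} ${anyOr(h.sourcePort)} ` +
    `${arrow} ${anyOr(h.destination)} ${anyOr(h.destinationPort)} (${opts})`;
}

// Review checks: each rule carries a unique sid; a PASS with every field ANY allows all traffic.
function lintRules(rules: StatefulRule[]): string[] {
  const findings: string[] = [];
  const seen: string[] = [];
  rules.forEach((r, i) => {
    const opt = r.ruleOptions.filter(o => o.keyword === 'sid')[0];
    const sid = opt && opt.settings ? opt.settings[0] : undefined;
    if (!sid) findings.push(`rule ${i}: missing sid`);
    else if (seen.indexOf(sid) !== -1) findings.push(`rule ${i}: duplicate sid ${sid}`);
    else seen.push(sid);
    const h = r.header;
    const wide = [h.source, h.sourcePort, h.destination, h.destinationPort].every(v => v === 'ANY');
    if (r.action === 'PASS' && wide) findings.push(`rule ${i}: PASS matches any source and destination`);
  });
  return findings;
}

// Constructed input: the page's rule, then two deliberately flawed rules.
const anyHeader = { source: 'ANY', sourcePort: 'ANY', destination: 'ANY',
                    destinationPort: 'ANY', direction: 'FORWARD', protocol: 'IP' };
const pageRule: StatefulRule = { action: 'PASS',
  header: { ...anyHeader, source: '10.1.0.0/16', destination: '10.0.0.0/16' },
  ruleOptions: [{ keyword: 'sid', settings: ['100'] }] };
const sampleRules: StatefulRule[] = [pageRule,
  { action: 'PASS', header: anyHeader, ruleOptions: [{ keyword: 'sid', settings: ['100'] }] },
  { action: 'DROP', header: anyHeader, ruleOptions: [] }];
console.log(toSuricata(pageRule), lintRules(sampleRules));
```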