NetworkConfig / CentralNetworkServicesConfig / NfwConfig / NfwRuleGroupConfig / NfwRuleGroupRuleConfig / NfwRuleSourceConfig / NfwStatelessRulesAndCustomActionsConfig / NfwRuleSourceStatelessRuleConfig

Network Firewall stateless rule configuration.

Use this configuration to define a stateless rule for your Network Firewall. Network Firewall supports the standard stateless 5-tuple rule specification (source, destination, source port, destination port, protocol) for network traffic inspection. When Network Firewall finds a match between a rule's inspection criteria and a packet, the packet matches the rule and its rule group, and Network Firewall applies the rule's specified action to the packet. Stateless rules are evaluated per packet with no connection tracking, so both directions of a flow need their own rules.

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-statelessrule.html

The following example creates a stateless rule that passes traffic from source 10.1.0.0/16 (ephemeral source ports 1024-65535) to destination 10.0.0.0/16 on port 22. The rule has a priority value of 100:

```yaml
- priority: 100
  ruleDefinition:
    actions: ['aws:pass']
    matchAttributes:
      sources:
        - 10.1.0.0/16
      sourcePorts:
        - fromPort: 1024
          toPort: 65535
      destinations:
        - 10.0.0.0/16
      destinationPorts:
        - fromPort: 22
          toPort: 22
```

Note that the example does not set `protocols`, so the port match applies to both TCP and UDP packets; add `protocols: [6]` under `matchAttributes` to restrict the rule to TCP (SSH). Because the rule is stateless, return traffic from 10.0.0.0/16 port 22 back to 10.1.0.0/16 is not covered by it and needs a separate rule (or a stateful rule group) to pass.
interface INfwRuleSourceStatelessRuleConfig {
    priority: number;
    ruleDefinition: INfwRuleSourceStatelessRuleDefinitionConfig;
}

Properties

priority: number

The priority number for the rule.

Priority is evaluated in order from low to high. Priority numbers must be unique within a rule group.

ruleDefinition: INfwRuleSourceStatelessRuleDefinitionConfig

A Network Firewall stateless rule definition configuration. See NfwRuleSourceStatelessRuleDefinitionConfig.
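As an added example (not part of the accelerator's code base), the script below checks a list of stateless rules in the shape shown on this page against the constraints stated here (unique priorities, valid port ranges and CIDRs, exactly one standard action, and the TCP/UDP ambiguity when ports are set without `protocols`) and renders a rule in the StatelessRule property shape that AWS::NetworkFirewall::RuleGroup expects. The sample rules are constructed for this example; the second and third are deliberately faulty. Loading the page's YAML with PyYAML's `yaml.safe_load` would produce the same dictionary structure, but the sample is embedded as a Python literal so the script runs without extra dependencies.

```python
"""Validate accelerator-style Network Firewall stateless rules and render
them as CloudFormation StatelessRule properties (added example, not LZA code)."""
import ipaddress
import json

# Standard actions: exactly one must be present per rule (custom actions may be added).
STANDARD_ACTIONS = {"aws:pass", "aws:drop", "aws:forward_to_sfe"}

# Constructed sample: the page's SSH rule plus two deliberately faulty rules.
SAMPLE_RULES = [
    {
        "priority": 100,
        "ruleDefinition": {
            "actions": ["aws:pass"],
            "matchAttributes": {
                "sources": ["10.1.0.0/16"],
                "sourcePorts": [{"fromPort": 1024, "toPort": 65535}],
                "destinations": ["10.0.0.0/16"],
                "destinationPorts": [{"fromPort": 22, "toPort": 22}],
            },
        },
    },
    {   # duplicate priority and an inverted port range
        "priority": 100,
        "ruleDefinition": {
            "actions": ["aws:drop"],
            "matchAttributes": {
                "sources": ["10.1.0.0/16"],
                "destinationPorts": [{"fromPort": 3389, "toPort": 3388}],
                "protocols": [6],
            },
        },
    },
    {   # malformed CIDR and two standard actions
        "priority": 200,
        "ruleDefinition": {
            "actions": ["aws:pass", "aws:drop"],
            "matchAttributes": {"sources": ["10.1.0.300/16"]},
        },
    },
]


def _check_ports(label, ranges, findings, prio):
    for r in ranges:
        lo, hi = r["fromPort"], r["toPort"]
        if not (0 <= lo <= hi <= 65535):
            findings.append(f"priority {prio}: {label} range {lo}-{hi} is invalid")


def _check_cidrs(label, cidrs, findings, prio):
    for c in cidrs:
        try:
            ipaddress.ip_network(c, strict=False)  # syntax only; host bits are tolerated
        except ValueError:
            findings.append(f"priority {prio}: {label} {c!r} is not a valid CIDR")


def validate_stateless_rules(rules):
    """Return a list of human-readable findings; an empty list means the rules look sane."""
    findings = []
    seen = set()
    for rule in rules:
        prio = rule["priority"]
        if not 1 <= prio <= 65535:
            findings.append(f"priority {prio}: out of range 1-65535")
        if prio in seen:
            findings.append(f"priority {prio}: duplicated within the rule group")
        seen.add(prio)
        rd = rule["ruleDefinition"]
        standard = [a for a in rd["actions"] if a in STANDARD_ACTIONS]
        if len(standard) != 1:
            findings.append(f"priority {prio}: need exactly one of {sorted(STANDARD_ACTIONS)}")
        ma = rd.get("matchAttributes", {})
        _check_cidrs("source", ma.get("sources", []), findings, prio)
        _check_cidrs("destination", ma.get("destinations", []), findings, prio)
        _check_ports("sourcePorts", ma.get("sourcePorts", []), findings, prio)
        _check_ports("destinationPorts", ma.get("destinationPorts", []), findings, prio)
        # Port matches apply to TCP and UDP; without a protocols list the rule covers both.
        if (ma.get("sourcePorts") or ma.get("destinationPorts")) and not ma.get("protocols"):
            findings.append(f"priority {prio}: ports set without protocols; matches TCP and UDP")
    return findings


def to_cfn_stateless_rule(rule):
    """Render one rule in the AWS::NetworkFirewall::RuleGroup StatelessRule property shape."""
    rd = rule["ruleDefinition"]
    ma = rd.get("matchAttributes", {})
    cfn_ma = {}
    if ma.get("sources"):
        cfn_ma["Sources"] = [{"AddressDefinition": c} for c in ma["sources"]]
    if ma.get("destinations"):
        cfn_ma["Destinations"] = [{"AddressDefinition": c} for c in ma["destinations"]]
    for key, cfn_key in (("sourcePorts", "SourcePorts"), ("destinationPorts", "DestinationPorts")):
        if ma.get(key):
            cfn_ma[cfn_key] = [{"FromPort": r["fromPort"], "ToPort": r["toPort"]} for r in ma[key]]
    if ma.get("protocols"):
        cfn_ma["Protocols"] = list(ma["protocols"])
    return {"Priority": rule["priority"],
            "RuleDefinition": {"Actions": list(rd["actions"]), "MatchAttributes": cfn_ma}}


if __name__ == "__main__":
    for finding in validate_stateless_rules(SAMPLE_RULES):
        print("FINDING:", finding)
    print(json.dumps(to_cfn_stateless_rule(SAMPLE_RULES[0]), indent=2))
```

Run against the sample, the validator reports the duplicate priority, the inverted 3389-3388 range, the malformed CIDR, the rule with two standard actions, and the page's own rule matching both TCP and UDP; the rendered first rule carries no `Protocols` key, which is exactly the gap the warning points at.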