NetworkConfig / CentralNetworkServicesConfig / NfwConfig / NfwRuleGroupConfig / NfwRuleGroupRuleConfig / NfwRuleSourceConfig / NfwRuleSourceStatefulRuleConfig / NfwRuleSourceStatefulRuleHeaderConfig

Network Firewall stateful rule header configuration. Use this configuration to define stateful rules for Network Firewall in an IP packet header format. This header format can be used instead of Suricata-compatible rules to define your stateful firewall filtering behavior.

See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-header.html for more details.

The following example creates a stateful rule that inspects all traffic from source 10.1.0.0/16 to destination 10.0.0.0/16:

Example

source: 10.1.0.0/16
sourcePort: ANY
destination: 10.0.0.0/16
destinationPort: ANY
direction: FORWARD
protocol: IP

Hierarchy

  • NfwRuleSourceStatefulRuleHeaderConfig

Properties

destination: string = ''

The destination CIDR range to inspect for.

Remarks

Use CIDR notation, e.g. 10.0.0.0/16.

destinationPort: string = ''

The destination port or port range to inspect.

Remarks

To specify a port range, separate the two values with a colon (:), for example 80:443. To specify all ports, use ANY.

direction: "ANY" | "FORWARD" = 'ANY'

The direction of the traffic flow to inspect.

Remarks

Use ANY to match bidirectional traffic.

Use FORWARD to match only traffic flowing from the source to the destination.

protocol: "DNS" | "HTTP" | "TCP" | "UDP" | "IP" | "TLS" | "SSH" | "SMB" | "DHCP" | "FTP" | "ICMP" | "DCERPC" | "SMTP" | "IMAP" | "MSN" | "KRB5" | "IKEV2" | "TFTP" | "NTP" = 'IP'

The protocol to inspect.

Remarks

To specify all traffic, use IP.

source: string = ''

The source CIDR range to inspect for.

Remarks

Use CIDR notation, e.g. 10.0.0.0/16.

sourcePort: string = ''

The source port or port range to inspect.

Remarks

To specify a port range, separate the two values with a colon (:), for example 80:443. To specify all ports, use ANY.
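The following TypeScript is an added example, not code from the Landing Zone Accelerator project, that checks a header configuration shaped like the properties above (CIDR notation for source and destination, ANY or a port or low:high for the ports, the ANY/FORWARD direction, and the protocol list) and then evaluates which five-tuples the header would match, so that the difference between direction ANY and FORWARD is concrete. It assumes IPv4 only, treats ANY as a valid address specifier (the underlying Network Firewall header allows it, though the Remarks above only mention CIDR notation), and compares the protocol as a pre-classified label rather than performing real inspection; the flow records and the names ipv4ToInt, parseCidr, parsePortSpec, validateHeader and headerMatches are constructed for this example.

```typescript
// Added example (not LZA project code): validate an
// NfwRuleSourceStatefulRuleHeaderConfig-style header and test flows against it.

const PROTOCOLS = [
  "DNS", "HTTP", "TCP", "UDP", "IP", "TLS", "SSH", "SMB", "DHCP", "FTP",
  "ICMP", "DCERPC", "SMTP", "IMAP", "MSN", "KRB5", "IKEV2", "TFTP", "NTP",
] as const;
type Protocol = (typeof PROTOCOLS)[number];
type Direction = "ANY" | "FORWARD";

interface StatefulRuleHeader {
  source: string;
  sourcePort: string;
  destination: string;
  destinationPort: string;
  direction: Direction;
  protocol: Protocol;
}

// Constructed flow record. Assumption: `protocol` is already a classified label;
// a real engine derives it from inspection, here it is only compared as a string.
interface Flow {
  srcIp: string;
  srcPort: number;
  dstIp: string;
  dstPort: number;
  protocol: Protocol;
}

// Dotted-quad IPv4 address to a 32-bit number; null when malformed.
function ipv4ToInt(ip: string): number | null {
  const parts = ip.split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p)) return null;
    const v = Number(p);
    if (v > 255) return null;
    n = n * 256 + v;
  }
  return n;
}

// Parse "10.0.0.0/16" (a bare address is treated as /32); null when malformed.
function parseCidr(cidr: string): { base: number; bits: number } | null {
  const parts = cidr.split("/");
  if (parts.length > 2) return null;
  const base = ipv4ToInt(parts[0] ?? "");
  if (base === null) return null;
  const len = parts[1];
  if (len === undefined) return { base, bits: 32 };
  if (!/^\d{1,2}$/.test(len) || Number(len) > 32) return null;
  return { base, bits: Number(len) };
}

// Is `ip` inside the address spec? ANY matches every address.
function ipInCidr(ip: string, spec: string): boolean {
  if (spec === "ANY") return true;
  const net = parseCidr(spec);
  const addr = ipv4ToInt(ip);
  if (net === null || addr === null) return false;
  if (net.bits === 0) return true; // avoid a 32-bit shift, which JS wraps to 0
  const mask = (0xffffffff << (32 - net.bits)) >>> 0;
  return ((net.base & mask) >>> 0) === ((addr & mask) >>> 0);
}

// "ANY", a single port, or "low:high" as the Remarks describe; null when malformed.
function parsePortSpec(spec: string): { low: number; high: number } | null {
  if (spec === "ANY") return { low: 0, high: 65535 };
  const m = /^(\d{1,5})(?::(\d{1,5}))?$/.exec(spec);
  if (m === null) return null;
  const low = Number(m[1]);
  const high = m[2] === undefined ? low : Number(m[2]);
  if (low > 65535 || high > 65535 || low > high) return null;
  return { low, high };
}

function portMatches(spec: string, port: number): boolean {
  const r = parsePortSpec(spec);
  return r !== null && port >= r.low && port <= r.high;
}

// Every problem found in the header; an empty array means it is well formed.
function validateHeader(h: StatefulRuleHeader): string[] {
  const errors: string[] = [];
  for (const key of ["source", "destination"] as const) {
    if (h[key] !== "ANY" && parseCidr(h[key]) === null) {
      errors.push(`${key}: expected CIDR notation such as 10.0.0.0/16, got '${h[key]}'`);
    }
  }
  for (const key of ["sourcePort", "destinationPort"] as const) {
    if (parsePortSpec(h[key]) === null) {
      errors.push(`${key}: expected ANY, a port, or low:high, got '${h[key]}'`);
    }
  }
  if (h.direction !== "ANY" && h.direction !== "FORWARD") {
    errors.push(`direction: expected ANY or FORWARD, got '${h.direction}'`);
  }
  if (!(PROTOCOLS as readonly string[]).includes(h.protocol)) {
    errors.push(`protocol: '${h.protocol}' is not a supported protocol`);
  }
  return errors;
}

// Does the header match the flow? FORWARD only accepts source -> destination;
// ANY also accepts the reverse direction. Protocol IP matches all traffic.
function headerMatches(h: StatefulRuleHeader, f: Flow): boolean {
  if (h.protocol !== "IP" && h.protocol !== f.protocol) return false;
  const forward =
    ipInCidr(f.srcIp, h.source) && portMatches(h.sourcePort, f.srcPort) &&
    ipInCidr(f.dstIp, h.destination) && portMatches(h.destinationPort, f.dstPort);
  if (forward || h.direction === "FORWARD") return forward;
  return (
    ipInCidr(f.srcIp, h.destination) && portMatches(h.destinationPort, f.srcPort) &&
    ipInCidr(f.dstIp, h.source) && portMatches(h.sourcePort, f.dstPort)
  );
}

// The header from the page's own example.
const exampleHeader: StatefulRuleHeader = {
  source: "10.1.0.0/16",
  sourcePort: "ANY",
  destination: "10.0.0.0/16",
  destinationPort: "ANY",
  direction: "FORWARD",
  protocol: "IP",
};
```

With the page's example header, a flow from 10.1.2.3 to 10.0.5.6 matches while the reverse flow does not; switching direction to ANY makes both match, which is the distinction the Remarks on direction describe. The validator rejects an inverted range such as 443:80 and a prefix length above 32 before the configuration ever reaches a deployment.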

Generated using TypeDoc