NetworkConfig / CentralNetworkServicesConfig / NfwConfig / NfwRuleGroupConfig / NfwRuleGroupRuleConfig / NfwRuleSourceConfig / NfwStatelessRulesAndCustomActionsConfig / NfwRuleSourceStatelessRuleConfig

Network Firewall stateless rule configuration. Use this configuration to define stateless rules for your Network Firewall. Network Firewall supports the standard stateless 5-tuple rule specification for network traffic inspection. When Network Firewall finds a match between a rule's inspection criteria and a packet, we say that the packet matches the rule and its rule group, and Network Firewall applies the rule's specified action to the packet.

See

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-statelessrule.html.

The following example creates a stateless rule that allows SSH traffic from source 10.1.0.0/16 to destination 10.0.0.0/16. The rule has a priority value of 100:

Example

    - priority: 100
      ruleDefinition:
        actions: ['aws:pass']
        matchAttributes:
          sources:
            - 10.1.0.0/16
          sourcePorts:
            - fromPort: 1024
              toPort: 65535
          destinations:
            - 10.0.0.0/16
          destinationPorts:
            - fromPort: 22
              toPort: 22

Hierarchy

  • NfwRuleSourceStatelessRuleConfig

Properties

priority: number = 123

The priority number for the rule.

Remarks

Priority is evaluated in order from low to high. Priority numbers must be unique within a rule group.

ruleDefinition: NfwRuleSourceStatelessRuleDefinitionConfig

A Network Firewall stateless rule definition configuration.

See

NfwRuleSourceStatelessRuleDefinitionConfig
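
The priority ordering and match criteria described above, as an added TypeScript sketch; it is not code from the documented project. The interfaces and helper functions are hypothetical, only IPv4 addresses and ports are modeled (no protocols or TCP flags), and the priority 200 drop rule in `sampleRules` is constructed for illustration.

```typescript
// Added example. Field names follow the YAML on this page; types and helpers are hypothetical.
interface PortRange { fromPort: number; toPort: number }
interface MatchAttributes {
  sources?: string[]; destinations?: string[];
  sourcePorts?: PortRange[]; destinationPorts?: PortRange[];
}
interface StatelessRule { priority: number; ruleDefinition: { actions: string[]; matchAttributes: MatchAttributes } }
interface Packet { src: string; srcPort: number; dst: string; dstPort: number }

// Dotted-quad IPv4 address to an unsigned 32-bit integer.
const ipToInt = (ip: string): number =>
  ip.split('.').reduce((acc, octet) => acc * 256 + Number(octet), 0);
// True when ip falls inside the IPv4 CIDR block.
function inCidr(ip: string, cidr: string): boolean {
  const [base, bits] = cidr.split('/');
  const size = Math.pow(2, 32 - Number(bits));
  return Math.floor(ipToInt(ip) / size) === Math.floor(ipToInt(base) / size);
}
// Assumption: an omitted or empty attribute list matches any value.
function anyOrSome<T>(list: T[] | undefined, pred: (item: T) => boolean): boolean {
  return !list || list.length === 0 || list.some(pred);
}
// Priorities used more than once; must be empty for a valid rule group.
function duplicatePriorities(rules: StatelessRule[]): number[] {
  const counts: { [priority: number]: number } = {};
  for (const r of rules) counts[r.priority] = (counts[r.priority] || 0) + 1;
  return Object.keys(counts).map(Number).filter(p => counts[p] > 1);
}

// Walk rules from lowest to highest priority number; return the first match's actions,
// or undefined when nothing matches (the policy's default action would then apply).
function evaluate(rules: StatelessRule[], p: Packet): string[] | undefined {
  const inRange = (port: number) => (r: PortRange) => port >= r.fromPort && port <= r.toPort;
  const ordered = rules.slice().sort((a, b) => a.priority - b.priority);
  for (const { ruleDefinition: { actions, matchAttributes: m } } of ordered) {
    if (anyOrSome(m.sources, c => inCidr(p.src, c)) && anyOrSome(m.destinations, c => inCidr(p.dst, c)) &&
        anyOrSome(m.sourcePorts, inRange(p.srcPort)) && anyOrSome(m.destinationPorts, inRange(p.dstPort))) {
      return actions;
    }
  }
  return undefined;
}
// The page's SSH rule plus a constructed catch-all drop at a higher priority number.
const sampleRules: StatelessRule[] = [
  { priority: 200, ruleDefinition: { actions: ['aws:drop'], matchAttributes: { sources: ['10.0.0.0/8'] } } },
  { priority: 100, ruleDefinition: { actions: ['aws:pass'], matchAttributes: {
      sources: ['10.1.0.0/16'], sourcePorts: [{ fromPort: 1024, toPort: 65535 }],
      destinations: ['10.0.0.0/16'], destinationPorts: [{ fromPort: 22, toPort: 22 }] } } },
];
```

With these rules, an SSH packet from 10.1.5.9:50000 to 10.0.3.4:22 hits priority 100 first and passes, while the reply from 10.0.3.4:22 does not match that rule (stateless matching is per packet and per direction) and falls through to the priority 200 drop.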
