Interface INfwRuleSourceStatelessMatchAttributesConfig

NetworkConfig / CentralNetworkServicesConfig / NfwConfig / NfwRuleGroupConfig / NfwRuleGroupRuleConfig / NfwRuleSourceConfig / NfwStatelessRulesAndCustomActionsConfig / NfwRuleSourceStatelessRuleConfig / NfwRuleSourceStatelessRuleDefinitionConfig / NfwRuleSourceStatelessMatchAttributesConfig

Network Firewall stateless rule match attributes configuration.

Description

Use this configuration to define stateless rule match attributes for Network Firewall. To be a match, a packet must satisfy all of the match settings in the rule.

See

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-matchattributes.html

Example

protocols: [6]
sources:
  - 10.1.0.0/16
sourcePorts:
  - fromPort: 1024
    toPort: 65535
destinations:
  - 10.0.0.0/16
destinationPorts:
  - fromPort: 22
    toPort: 22

interface INfwRuleSourceStatelessMatchAttributesConfig {
    destinationPorts?: INfwRuleSourceStatelessPortRangeConfig[];
    destinations?: string[];
    protocols?: number[];
    sourcePorts?: INfwRuleSourceStatelessPortRangeConfig[];
    sources?: string[];
    tcpFlags?: INfwRuleSourceStatelessTcpFlagsConfig[];
}

Index

Properties

destinationPorts? destinations? protocols? sourcePorts? sources? tcpFlags?

Properties

`Optional` `Readonly`destinationPorts

destinationPorts?: INfwRuleSourceStatelessPortRangeConfig[]

(OPTIONAL) An array of Network Firewall stateless port range configurations.

Remarks

The destination ports to inspect for. If not specified, this matches with any destination port. This setting is only used for protocols 6 (TCP) and 17 (UDP).

See

NfwRuleSourceStatelessPortRangeConfig

`Optional` `Readonly`destinations

destinations?: string[]

(OPTIONAL) An array of destination CIDR ranges to inspect for.

Remarks

Use CIDR notation, i.e. 10.0.0.0/16

`Optional` `Readonly`protocols

protocols?: number[]

(OPTIONAL) An array of IP protocol numbers to inspect for.

`Optional` `Readonly`sourcePorts

sourcePorts?: INfwRuleSourceStatelessPortRangeConfig[]

(OPTIONAL) An array of Network Firewall stateless port range configurations.

Remarks

The source ports to inspect for. If not specified, this matches with any source port. This setting is only used for protocols 6 (TCP) and 17 (UDP).

See

NfwRuleSourceStatelessPortRangeConfig

`Optional` `Readonly`sources

sources?: string[]

(OPTIONAL) An array of source CIDR ranges to inspect for.

Remarks

Use CIDR notation, i.e. 10.0.0.0/16

`Optional` `Readonly`tcpFlags

tcpFlags?: INfwRuleSourceStatelessTcpFlagsConfig[]

(OPTIONAL) An array of Network Firewall stateless TCP flag configurations.

See

NfwRuleSourceStatelessTcpFlagsConfig

Interface INfwRuleSourceStatelessMatchAttributesConfig

Description

See

Example

Index

Properties

Properties

`Optional` `Readonly`destinationPorts

Remarks

See

`Optional` `Readonly`destinations

Remarks

`Optional` `Readonly`protocols

`Optional` `Readonly`sourcePorts

Remarks

See

`Optional` `Readonly`sources

Remarks

`Optional` `Readonly`tcpFlags

See

Settings

On This Page

Interface INfwRuleSourceStatelessMatchAttributesConfig

Description

See

Example

Index

Properties

Properties

Optional ReadonlydestinationPorts

Remarks

See

Optional Readonlydestinations

Remarks

Optional Readonlyprotocols

Optional ReadonlysourcePorts

Remarks

See

Optional Readonlysources

Remarks

Optional ReadonlytcpFlags

See

Settings

On This Page

`Optional` `Readonly`destinationPorts

`Optional` `Readonly`destinations

`Optional` `Readonly`protocols

`Optional` `Readonly`sourcePorts

`Optional` `Readonly`sources

`Optional` `Readonly`tcpFlags