
Network Firewall rule source configuration. Used to define rules for a Network Firewall.

see

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-rulessource.html

example

File with list of Suricata rules:

rulesFile: path/to/rules.txt

DNS rule list:

rulesSourceList:
  generatedRulesType: DENYLIST
  targets:
    - .example.com
  targetTypes: ['TLS_SNI', 'HTTP_HOST']

Single Suricata rule:

rulesString: 'pass ip 10.1.0.0/16 any -> 10.0.0.0/16 any (sid:100;)'

Stateful rules:

statefulRules:
  - action: PASS
    header:
      source: 10.1.0.0/16
      sourcePort: ANY
      destination: 10.0.0.0/16
      destinationPort: ANY
      direction: FORWARD
      protocol: IP
    ruleOptions:
      - keyword: sid
        settings: ['100']

Stateless rules:

statelessRulesAndCustomActions:
  statelessRules:
    - priority: 100
      ruleDefinition:
        actions: ['aws:pass']
        matchAttributes:
          sources:
            - 10.1.0.0/16
          sourcePorts:
            - fromPort: 1024
              toPort: 65535
          destinations:
            - 10.0.0.0/16
          destinationPorts:
            - fromPort: 22
              toPort: 22
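The examples above show the four alternative shapes a rule source can take. The following is an added example, not the accelerator's own code: a structural pre-check for an object shaped like NfwRuleSourceConfig that rejects a config setting more than one rule source, malformed IPv4 CIDRs, and inverted or out-of-range stateless port ranges. It assumes exactly one rule source may be set (mirroring the CloudFormation RulesSource contract linked above); the type names and the sample object are constructed for this example.

```typescript
// Added example (not the accelerator's own code): structural checks on an object shaped
// like NfwRuleSourceConfig. Assumption: exactly one rule source may be set, mirroring
// the CloudFormation RulesSource contract linked above.
type PortRange = { fromPort: number; toPort: number };
type MatchAttributes = { sources?: string[]; destinations?: string[]; sourcePorts?: PortRange[]; destinationPorts?: PortRange[] };
type StatelessRule = { priority: number; ruleDefinition: { actions: string[]; matchAttributes?: MatchAttributes } };
type NfwRuleSource = {
  rulesFile?: string;
  rulesString?: string;
  rulesSourceList?: { generatedRulesType: string; targets: string[]; targetTypes: string[] };
  statefulRules?: object[];
  statelessRulesAndCustomActions?: { statelessRules: StatelessRule[] };
};
const SOURCE_KEYS = ['rulesFile', 'rulesString', 'rulesSourceList', 'statefulRules', 'statelessRulesAndCustomActions'] as const;
const CIDR_RE = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/;
// IPv4 CIDR with every octet <= 255 and a prefix length of at most 32.
function isValidCidr(cidr: string): boolean {
  const m = CIDR_RE.exec(cidr);
  return m !== null && m.slice(1, 5).every(o => Number(o) <= 255) && Number(m[5]) <= 32;
}
function checkPorts(label: string, ranges: PortRange[] | undefined, errors: string[]): void {
  for (const r of ranges ?? []) {
    if (r.fromPort < 0 || r.toPort > 65535 || r.fromPort > r.toPort) {
      errors.push(`${label}: invalid port range ${r.fromPort}-${r.toPort}`);
    }
  }
}

// Returns the problems found; an empty array means the object passed every check.
function validateRuleSource(cfg: NfwRuleSource): string[] {
  const errors: string[] = [];
  const present = SOURCE_KEYS.filter(k => cfg[k] !== undefined);
  if (present.length !== 1) errors.push(`expected exactly one rule source, found ${present.length}`);
  for (const rule of cfg.statelessRulesAndCustomActions?.statelessRules ?? []) {
    const label = `stateless rule (priority ${rule.priority})`;
    const attrs: MatchAttributes = rule.ruleDefinition.matchAttributes ?? {};
    for (const cidr of [...(attrs.sources ?? []), ...(attrs.destinations ?? [])]) {
      if (!isValidCidr(cidr)) errors.push(`${label}: malformed CIDR ${cidr}`);
    }
    checkPorts(label, attrs.sourcePorts, errors);
    checkPorts(label, attrs.destinationPorts, errors);
  }
  return errors;
}

// Constructed sample equivalent to the page's stateless example (not taken from a real deployment).
const sample: NfwRuleSource = { statelessRulesAndCustomActions: { statelessRules: [{ priority: 100, ruleDefinition: {
  actions: ['aws:pass'], matchAttributes: { sources: ['10.1.0.0/16'], sourcePorts: [{ fromPort: 1024, toPort: 65535 }],
  destinations: ['10.0.0.0/16'], destinationPorts: [{ fromPort: 22, toPort: 22 }] } } }] } };
```

Running validateRuleSource(sample) returns an empty array; a config that sets both rulesString and statelessRulesAndCustomActions, or a port range such as fromPort 443 / toPort 80, comes back with one message per problem.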

Hierarchy

  • NfwRuleSourceConfig

Properties

rulesFile: undefined | string = undefined
rulesSourceList: undefined | NfwRuleSourceListConfig = undefined

A Network Firewall rule source list configuration.

see

NfwRuleSourceListConfig

rulesString: undefined | string = undefined
statefulRules: undefined | NfwRuleSourceStatefulRuleConfig[] = undefined

An array of Network Firewall stateful rule configurations.

see

NfwRuleSourceStatefulRuleConfig

statelessRulesAndCustomActions: undefined | NfwStatelessRulesAndCustomActionsConfig = undefined

A Network Firewall stateless rules and custom action configuration.

see

NfwStatelessRulesAndCustomActionsConfig

Generated using TypeDoc