NetworkConfig / CentralNetworkServicesConfig / NfwConfig / NfwRuleGroupConfig / NfwRuleGroupRuleConfig / NfwRuleSourceConfig
Network Firewall rule source configuration. Used to define rules for a Network Firewall.

See
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-rulessource.html

Example

File with list of Suricata rules:

rulesFile: path/to/rules.txt

DNS rule list:

rulesSourceList:
  generatedRulesType: DENYLIST
  targets:
    - .example.com
  targetTypes: ['TLS_SNI', 'HTTP_HOST']

Single Suricata rule:

rulesString: 'pass ip 10.1.0.0/16 any -> 10.0.0.0/16 any (sid:100;)'

Stateful rules:

statefulRules:
  - action: PASS
    header:
      source: 10.1.0.0/16
      sourcePort: ANY
      destination: 10.0.0.0/16
      destinationPort: ANY
      direction: FORWARD
      protocol: IP
    ruleOptions:
      - keyword: sid
        settings: ['100']

Stateless rules:

statelessRulesAndCustomActions:
  statelessRules:
    - priority: 100
      ruleDefinition:
        actions: ['aws:pass']
        matchAttributes:
          sources:
            - 10.1.0.0/16
          sourcePorts:
            - fromPort: 1024
              toPort: 65535
          destinations:
            - 10.0.0.0/16
          destinationPorts:
            - fromPort: 22
              toPort: 22
Properties

rulesFile (Readonly)
  Suricata rules file.
  https://suricata.readthedocs.io/en/suricata-6.0.2/rules/intro.html

rulesSourceList
  A Network Firewall rule source list configuration.
  Type: NfwRuleSourceListConfig

rulesString
  A Suricata-compatible stateful rule string.
  https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-examples.html#suricata-example-rule-with-variables

statefulRules
  An array of Network Firewall stateful rule configurations.
  Type: NfwRuleSourceStatefulRuleConfig[]

statelessRulesAndCustomActions
  A Network Firewall stateless rules and custom action configuration.
  Type: NfwStatelessRulesAndCustomActionsConfig
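As an added example (not code from the LZA project or this page), the statefulRules entry above is rendered into the Suricata rule line that Network Firewall evaluates, so it can be compared against the rulesString form and reviewed as text, together with the sid check a reviewer would run before deploying. The config is given as Python dicts mirroring the YAML keys; the mapping of direction ANY to `<>` follows the AWS stateful rule header documentation, and comma-joining multiple option settings is an assumption of this example.

```python
# Added example: render NfwRuleSourceStatefulRuleConfig entries as Suricata rule
# lines and flag missing/duplicate sids, which Suricata rejects at load time.
from typing import Any

# Constructed sample, copied from the "Stateful rules" example on this page.
STATEFUL_RULES: list[dict[str, Any]] = [
    {
        "action": "PASS",
        "header": {
            "source": "10.1.0.0/16", "sourcePort": "ANY",
            "destination": "10.0.0.0/16", "destinationPort": "ANY",
            "direction": "FORWARD", "protocol": "IP",
        },
        "ruleOptions": [{"keyword": "sid", "settings": ["100"]}],
    },
]

# FORWARD matches source -> destination only; ANY matches both directions.
DIRECTION = {"FORWARD": "->", "ANY": "<>"}


def stateful_rule_to_suricata(rule: dict[str, Any]) -> str:
    """Return the Suricata rule line equivalent to one statefulRules entry."""
    h = rule["header"]
    header = " ".join([
        rule["action"].lower(), h["protocol"].lower(),
        h["source"], h["sourcePort"].lower(),
        DIRECTION[h["direction"]],
        h["destination"], h["destinationPort"].lower(),
    ])
    opts = []
    for opt in rule.get("ruleOptions", []):
        settings = opt.get("settings") or []
        # Assumption: several settings for one keyword become a comma list.
        value = ":" + ",".join(settings) if settings else ""
        opts.append(f"{opt['keyword']}{value};")
    return f"{header} ({''.join(opts)})"


def check_rules(rules: list[dict[str, Any]]) -> list[str]:
    """Return review findings: each rule needs a sid and sids must be unique."""
    findings, seen = [], set()
    for i, rule in enumerate(rules):
        sids = [s for o in rule.get("ruleOptions", [])
                if o["keyword"] == "sid" for s in o.get("settings", [])]
        if not sids:
            findings.append(f"rule {i}: no sid option")
        elif sids[0] in seen:
            findings.append(f"rule {i}: duplicate sid {sids[0]}")
        seen.update(sids)
    return findings
```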