Class: Aws::NetworkFirewall::Types::StatefulRule

Inherits:
Struct
  • Object
Includes:
Structure
Defined in:
lib/aws-sdk-networkfirewall/types.rb

Overview

A single Suricata rules specification, for use in a stateful rule group. Use this option to specify a simple Suricata rule with protocol, source and destination, ports, direction, and rule options. For information about the Suricata `Rules` format, see [Rules Format][1].

[1]: suricata.readthedocs.io/en/suricata-6.0.9/rules/intro.html

Constant Summary

SENSITIVE = []

Instance Attribute Details

#action ⇒ String

Defines what Network Firewall should do with the packets in a traffic flow when the flow matches the stateful rule criteria. For all actions, Network Firewall performs the specified action and discontinues stateful inspection of the traffic flow.

The actions for a stateful rule are defined as follows:

  • PASS - Permits the packets to go to the intended destination.

  • DROP - Blocks the packets from going to the intended destination and sends an alert log message, if alert logging is configured in the Firewall LoggingConfiguration.

  • ALERT - Sends an alert log message, if alert logging is configured in the Firewall LoggingConfiguration.

    You can use this action to test a rule that you intend to use to drop traffic. You can enable the rule with the `ALERT` action, verify in the logs that the rule is filtering as you want, then change the action to `DROP`.

  • REJECT - Drops traffic that matches the conditions of the stateful rule, and sends a TCP reset packet back to the sender of the packet. A TCP reset packet is a packet with no payload and an RST bit contained in the TCP header flags. REJECT is available only for TCP traffic. This option doesn’t support FTP or IMAP protocols.

Returns:

  • (String)


# File 'lib/aws-sdk-networkfirewall/types.rb', line 3785

class StatefulRule < Struct.new(
  :action,
  :header,
  :rule_options)
  SENSITIVE = []
  include Aws::Structure
end
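
As an added example (not code from the SDK or from this page), the Ruby below lints a rule hash shaped like this struct against the REJECT limits described under #action, renders it as a Suricata-style line for review, and gates the ALERT-to-DROP switch. The header keys follow Types::Header; the function names, the sample rule and the exact rendering are assumptions made for illustration.

```ruby
# Added example: plain hashes shaped like Types::StatefulRule params
# (action, header, rule_options). Nothing here calls AWS.
ACTIONS   = %w[PASS DROP ALERT REJECT].freeze
NO_REJECT = %w[FTP IMAP].freeze # page: REJECT doesn't support these
ARROWS    = { "FORWARD" => "->", "ANY" => "<>" }.freeze

# Returns the problems found in one rule hash (empty array = clean).
def lint_stateful_rule(rule)
  action = rule[:action]
  proto  = rule.dig(:header, :protocol)
  problems = []
  problems << "unknown action #{action.inspect}" unless ACTIONS.include?(action)
  if action == "REJECT" && NO_REJECT.include?(proto)
    problems << "REJECT does not support #{proto}"
  elsif action == "REJECT" && proto != "TCP"
    problems << "REJECT is TCP-only; confirm #{proto} flows are TCP"
  end
  problems
end

# Renders the rule as one Suricata-style line for human review
# (assumed mapping: FORWARD is "->", ANY is "<>", settings joined by ",").
def render_suricata(rule)
  h = rule[:header]
  any = ->(v) { v == "ANY" ? "any" : v }
  opts = Array(rule[:rule_options]).map do |o|
    s = Array(o[:settings])
    s.empty? ? "#{o[:keyword]};" : "#{o[:keyword]}:#{s.join(',')};"
  end
  parts = [rule[:action].downcase, h[:protocol].downcase,
           any.(h[:source]), any.(h[:source_port]), ARROWS.fetch(h[:direction]),
           any.(h[:destination]), any.(h[:destination_port])]
  "#{parts.join(' ')} (#{opts.join(' ')})"
end

# ALERT-then-DROP rollout: only a rule currently in ALERT is switched, and
# only once the caller states that the alert logs were reviewed.
def promote_to_drop(rule, logs_reviewed:)
  raise ArgumentError, "rule is not in ALERT" unless rule[:action] == "ALERT"
  raise ArgumentError, "review alert logs first" unless logs_reviewed
  rule.merge(action: "DROP")
end

# Constructed sample rule (addresses and sid are made up).
SSH_RULE = {
  action: "ALERT",
  header: { protocol: "TCP", source: "ANY", source_port: "ANY", direction: "FORWARD",
            destination: "10.0.0.0/24", destination_port: "22" },
  rule_options: [{ keyword: "sid", settings: ["1000001"] }]
}.freeze
```

The hash returned by `promote_to_drop` has the same three keys as this struct, so it can be reviewed with `render_suricata` before being placed in a rule group definition.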

#header ⇒ Types::Header

The stateful inspection criteria for this rule, used to inspect traffic flows.

Returns:

  • (Types::Header)


#rule_options ⇒ Array<Types::RuleOption>

Additional options for the rule. These are the Suricata `RuleOptions` settings.

Returns:

  • (Array<Types::RuleOption>)
