
Class CfnRuleGroupPropsMixin.StatefulRuleProperty

A single Suricata rules specification, for use in a stateful rule group.

Inheritance
object
CfnRuleGroupPropsMixin.StatefulRuleProperty
Implements
CfnRuleGroupPropsMixin.IStatefulRuleProperty
Inherited Members
object.GetType()
object.MemberwiseClone()
object.ToString()
object.Equals(object)
object.Equals(object, object)
object.ReferenceEquals(object, object)
object.GetHashCode()
Namespace: Amazon.CDK.CfnPropertyMixins.AWS.NetworkFirewall
Assembly: Amazon.CDK.CfnPropertyMixins.dll
Syntax (csharp)
public class CfnRuleGroupPropsMixin.StatefulRuleProperty : CfnRuleGroupPropsMixin.IStatefulRuleProperty
Syntax (vb)
Public Class CfnRuleGroupPropsMixin.StatefulRuleProperty Implements CfnRuleGroupPropsMixin.IStatefulRuleProperty
Remarks

Use this option to specify a simple Suricata rule with protocol, source and destination, ports, direction, and rule options. For information about the Suricata Rules format, see Rules Format.

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-statefulrule.html


Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
// Nested types are referenced through their containing class, CfnRuleGroupPropsMixin.
using Amazon.CDK.CfnPropertyMixins.AWS.NetworkFirewall;

var statefulRuleProperty = new CfnRuleGroupPropsMixin.StatefulRuleProperty {
    Action = "action",
    Header = new CfnRuleGroupPropsMixin.HeaderProperty {
        Destination = "destination",
        DestinationPort = "destinationPort",
        Direction = "direction",
        Protocol = "protocol",
        Source = "source",
        SourcePort = "sourcePort"
    },
    RuleOptions = new [] { new CfnRuleGroupPropsMixin.RuleOptionProperty {
        Keyword = "keyword",
        Settings = new [] { "settings" }
    } }
};

Synopsis

Constructors

StatefulRuleProperty()

A single Suricata rules specification, for use in a stateful rule group.

Properties

Action

Defines what Network Firewall should do with the packets in a traffic flow when the flow matches the stateful rule criteria.

Header

The stateful inspection criteria for this rule, used to inspect traffic flows.

RuleOptions

Additional settings for a stateful rule, provided as keywords and settings.

Constructors

StatefulRuleProperty()

A single Suricata rules specification, for use in a stateful rule group.

public StatefulRuleProperty()

Properties

Action

Defines what Network Firewall should do with the packets in a traffic flow when the flow matches the stateful rule criteria.

public string? Action { get; set; }
Property Value

string

Remarks

For all actions, Network Firewall performs the specified action and discontinues stateful inspection of the traffic flow.

The actions for a stateful rule are defined as follows:

You can use this action to test a rule that you intend to use to drop traffic. You can enable the rule with ALERT action, verify in the logs that the rule is filtering as you want, then change the action to DROP.

REJECT isn't currently available for use with IMAP and FTP protocols.

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-statefulrule.html#cfn-networkfirewall-rulegroup-statefulrule-action
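
The ALERT-then-DROP rollout and the REJECT restriction described in the Remarks above, as an added example that is not part of the generated CDK documentation. The helper class `StagedStatefulRule`, the source CIDR, the port, and the signature ID are constructed for illustration; the `TCP`, `FORWARD`, `ANY`, and `sid` values are assumed from the CloudFormation and Suricata references rather than taken from this page.

```csharp
using System;
using Amazon.CDK.CfnPropertyMixins.AWS.NetworkFirewall;

// Hypothetical helper (not part of the CDK library): builds a 5-tuple stateful
// rule and refuses combinations the Remarks say are unavailable.
public static class StagedStatefulRule
{
    public static CfnRuleGroupPropsMixin.StatefulRuleProperty Build(
        string action, string protocol, string source, string destinationPort, int sid)
    {
        action = action.ToUpperInvariant();
        protocol = protocol.ToUpperInvariant();

        // REJECT isn't available for use with the IMAP and FTP protocols.
        if (action == "REJECT" && (protocol == "IMAP" || protocol == "FTP"))
            throw new ArgumentException(
                $"REJECT cannot be used with protocol {protocol}", nameof(action));

        return new CfnRuleGroupPropsMixin.StatefulRuleProperty
        {
            Action = action,
            Header = new CfnRuleGroupPropsMixin.HeaderProperty
            {
                Protocol = protocol,
                Source = source,
                SourcePort = "ANY",
                Direction = "FORWARD",
                Destination = "ANY",
                DestinationPort = destinationPort
            },
            // Every rule carries a signature ID so log entries map back to it.
            RuleOptions = new[]
            {
                new CfnRuleGroupPropsMixin.RuleOptionProperty
                {
                    Keyword = "sid",
                    Settings = new[] { sid.ToString() }
                }
            }
        };
    }

    // Staged rollout: deploy with enforce=false (ALERT), confirm in the logs
    // that only the intended flows match, then redeploy with enforce=true (DROP).
    // Constructed sample values: outbound Telnet from 10.0.0.0/16, sid 1000001.
    public static CfnRuleGroupPropsMixin.StatefulRuleProperty OutboundTelnet(bool enforce) =>
        Build(enforce ? "DROP" : "ALERT", "TCP", "10.0.0.0/16", "23", 1000001);
}
```

Keeping the signature ID identical across the ALERT and DROP stages lets the alert log entries reviewed during testing be matched to the rule that later enforces the drop.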

Header

The stateful inspection criteria for this rule, used to inspect traffic flows.

public object? Header { get; set; }
Property Value

object

Remarks

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-statefulrule.html#cfn-networkfirewall-rulegroup-statefulrule-header

Type union: either IResolvable or CfnRuleGroupPropsMixin.IHeaderProperty

RuleOptions

Additional settings for a stateful rule, provided as keywords and settings.

public object? RuleOptions { get; set; }
Property Value

object

Remarks

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-networkfirewall-rulegroup-statefulrule.html#cfn-networkfirewall-rulegroup-statefulrule-ruleoptions

Type union: either IResolvable or (either IResolvable or CfnRuleGroupPropsMixin.IRuleOptionProperty)[]

Implements

CfnRuleGroupPropsMixin.IStatefulRuleProperty