
Class CfnPolicyPropsMixin.NetworkAclEntryProperty

Describes a rule in a network ACL.

Inheritance
object
CfnPolicyPropsMixin.NetworkAclEntryProperty
Implements
CfnPolicyPropsMixin.INetworkAclEntryProperty
Inherited Members
object.GetType()
object.MemberwiseClone()
object.ToString()
object.Equals(object)
object.Equals(object, object)
object.ReferenceEquals(object, object)
object.GetHashCode()
Namespace: Amazon.CDK.Mixins.Preview.AWS.FMS.Mixins
Assembly: Amazon.CDK.Mixins.Preview.dll
Syntax (csharp)
public class CfnPolicyPropsMixin.NetworkAclEntryProperty : CfnPolicyPropsMixin.INetworkAclEntryProperty
Syntax (vb)
Public Class CfnPolicyPropsMixin.NetworkAclEntryProperty Implements CfnPolicyPropsMixin.INetworkAclEntryProperty
Remarks

Each network ACL has a set of numbered ingress rules and a separate set of numbered egress rules. When determining whether a packet should be allowed in or out of a subnet associated with the network ACL, AWS processes the entries in the network ACL according to the rule numbers, in ascending order.

When you manage an individual network ACL, you explicitly specify the rule numbers. When you specify the network ACL rules in a Firewall Manager policy, you provide the rules to run first, in the order that you want them to run, and the rules to run last, in the order that you want them to run. Firewall Manager assigns the rule numbers for you when you save the network ACL policy specification.

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fms-policy-networkaclentry.html


Examples
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
using Amazon.CDK.Mixins.Preview.AWS.FMS.Mixins;

// The property types are nested in CfnPolicyPropsMixin, so they are
// referenced through the containing class.
var networkAclEntryProperty = new CfnPolicyPropsMixin.NetworkAclEntryProperty {
    CidrBlock = "cidrBlock",
    Egress = false,
    IcmpTypeCode = new CfnPolicyPropsMixin.IcmpTypeCodeProperty {
        Code = 123,
        Type = 123
    },
    Ipv6CidrBlock = "ipv6CidrBlock",
    PortRange = new CfnPolicyPropsMixin.PortRangeProperty {
        From = 123,
        To = 123
    },
    Protocol = "protocol",
    RuleAction = "ruleAction"
};
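
The ordering described in the Remarks, as an added example that is not part of the generated documentation or the CDK: a small first-match evaluator showing why a deny placed in the "first" rules cannot be overridden by a broader allow that runs later. The `Entry` record, the `Nacl` class, the sample rules and the middle list of locally managed rules are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;

// Constructed sample policy. "First" rules run before, and "last" rules after,
// the locally managed rules (the middle list is an assumption of this example).
var first = new[] { new Entry("0.0.0.0/0", false, "6", 3389, 3389, "deny") };
var local = new[] { new Entry("0.0.0.0/0", false, "-1", 0, 65535, "allow") };
var last  = new[] { new Entry("0.0.0.0/0", false, "-1", 0, 65535, "deny") };
var ordered = first.Concat(local).Concat(last).ToList();

// Inbound TCP 3389 hits the central deny before the broad local allow is reached;
// inbound TCP 443 skips the deny and is decided by the local allow.
Console.WriteLine(Nacl.Evaluate(ordered, false, "203.0.113.7", "6", 3389));
Console.WriteLine(Nacl.Evaluate(ordered, false, "203.0.113.7", "6", 443));

// Hypothetical local type mirroring the property names on this page
// (IPv4 and TCP/UDP ports only); it is not the CDK class.
record Entry(string CidrBlock, bool Egress, string Protocol, int From, int To, string RuleAction);

static class Nacl
{
    static uint ToUInt(string ip)
    {
        byte[] b = IPAddress.Parse(ip).GetAddressBytes();
        return ((uint)b[0] << 24) | ((uint)b[1] << 16) | ((uint)b[2] << 8) | (uint)b[3];
    }

    static bool InCidr(string ip, string cidr)
    {
        string[] parts = cidr.Split('/');
        int bits = int.Parse(parts[1]);
        uint mask = bits == 0 ? 0u : uint.MaxValue << (32 - bits);
        return (ToUInt(ip) & mask) == (ToUInt(parts[0]) & mask);
    }

    // List order stands in for ascending rule numbers. The first matching entry
    // decides; traffic that matches no entry is denied (the NACL's final "*" rule).
    public static string Evaluate(IEnumerable<Entry> ordered, bool egress, string peerIp, string protocol, int port)
    {
        foreach (Entry e in ordered)
        {
            bool protoOk = e.Protocol == "-1" || e.Protocol == protocol;
            bool portOk = e.Protocol == "-1" || (port >= e.From && port <= e.To);
            if (e.Egress == egress && protoOk && portOk && InCidr(peerIp, e.CidrBlock))
                return e.RuleAction;
        }
        return "deny";
    }
}
```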

Synopsis

Constructors

NetworkAclEntryProperty()

Describes a rule in a network ACL.

Properties

CidrBlock

The IPv4 network range to allow or deny, in CIDR notation.

Egress

Indicates whether the rule is an egress, or outbound, rule (applied to traffic leaving the subnet).

IcmpTypeCode

ICMP protocol: The ICMP type and code.

Ipv6CidrBlock

The IPv6 network range to allow or deny, in CIDR notation.

PortRange

TCP or UDP protocols: The range of ports the rule applies to.

Protocol

The protocol number.

RuleAction

Indicates whether to allow or deny the traffic that matches the rule.

Constructors

NetworkAclEntryProperty()

Describes a rule in a network ACL.

public NetworkAclEntryProperty()

Properties

CidrBlock

The IPv4 network range to allow or deny, in CIDR notation.

public string? CidrBlock { get; set; }
Property Value

string

Remarks

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fms-policy-networkaclentry.html#cfn-fms-policy-networkaclentry-cidrblock

Egress

Indicates whether the rule is an egress, or outbound, rule (applied to traffic leaving the subnet).

public object? Egress { get; set; }
Property Value

object

Remarks

If it's not an egress rule, then it's an ingress, or inbound, rule.

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fms-policy-networkaclentry.html#cfn-fms-policy-networkaclentry-egress

Type union: either bool or IResolvable

IcmpTypeCode

ICMP protocol: The ICMP type and code.

public object? IcmpTypeCode { get; set; }
Property Value

object

Remarks

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fms-policy-networkaclentry.html#cfn-fms-policy-networkaclentry-icmptypecode

Type union: either IResolvable or CfnPolicyPropsMixin.IIcmpTypeCodeProperty

Ipv6CidrBlock

The IPv6 network range to allow or deny, in CIDR notation.

public string? Ipv6CidrBlock { get; set; }
Property Value

string

Remarks

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fms-policy-networkaclentry.html#cfn-fms-policy-networkaclentry-ipv6cidrblock

PortRange

TCP or UDP protocols: The range of ports the rule applies to.

public object? PortRange { get; set; }
Property Value

object

Remarks

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fms-policy-networkaclentry.html#cfn-fms-policy-networkaclentry-portrange

Type union: either IResolvable or CfnPolicyPropsMixin.IPortRangeProperty

Protocol

The protocol number.

public string? Protocol { get; set; }
Property Value

string

Remarks

A value of "-1" means all protocols.

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fms-policy-networkaclentry.html#cfn-fms-policy-networkaclentry-protocol

RuleAction

Indicates whether to allow or deny the traffic that matches the rule.

public string? RuleAction { get; set; }
Property Value

string

Remarks

See: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-fms-policy-networkaclentry.html#cfn-fms-policy-networkaclentry-ruleaction

Implements

CfnPolicyPropsMixin.INetworkAclEntryProperty