/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include #include #include #include #include #include namespace Aws { namespace Utils { namespace Json { class JsonValue; class JsonView; } // namespace Json } // namespace Utils namespace NetworkFirewall { namespace Model { /** *

The firewall policy defines the behavior of a firewall using a collection of * stateless and stateful rule groups and other settings. You can use one firewall * policy for multiple firewalls.

This, along with * FirewallPolicyResponse, define the policy. You can retrieve all objects * for a firewall policy by calling DescribeFirewallPolicy.

See * Also:

AWS * API Reference

*/ class FirewallPolicy { public: AWS_NETWORKFIREWALL_API FirewallPolicy(); AWS_NETWORKFIREWALL_API FirewallPolicy(Aws::Utils::Json::JsonView jsonValue); AWS_NETWORKFIREWALL_API FirewallPolicy& operator=(Aws::Utils::Json::JsonView jsonValue); AWS_NETWORKFIREWALL_API Aws::Utils::Json::JsonValue Jsonize() const; /** *

References to the stateless rule groups that are used in the policy. These * define the matching criteria in stateless rules.

*/ inline const Aws::Vector& GetStatelessRuleGroupReferences() const{ return m_statelessRuleGroupReferences; } /** *

References to the stateless rule groups that are used in the policy. These * define the matching criteria in stateless rules.

*/ inline bool StatelessRuleGroupReferencesHasBeenSet() const { return m_statelessRuleGroupReferencesHasBeenSet; } /** *

References to the stateless rule groups that are used in the policy. These * define the matching criteria in stateless rules.

*/ inline void SetStatelessRuleGroupReferences(const Aws::Vector& value) { m_statelessRuleGroupReferencesHasBeenSet = true; m_statelessRuleGroupReferences = value; } /** *

References to the stateless rule groups that are used in the policy. These * define the matching criteria in stateless rules.

*/ inline void SetStatelessRuleGroupReferences(Aws::Vector&& value) { m_statelessRuleGroupReferencesHasBeenSet = true; m_statelessRuleGroupReferences = std::move(value); } /** *

References to the stateless rule groups that are used in the policy. These * define the matching criteria in stateless rules.

*/ inline FirewallPolicy& WithStatelessRuleGroupReferences(const Aws::Vector& value) { SetStatelessRuleGroupReferences(value); return *this;} /** *

References to the stateless rule groups that are used in the policy. These * define the matching criteria in stateless rules.

*/ inline FirewallPolicy& WithStatelessRuleGroupReferences(Aws::Vector&& value) { SetStatelessRuleGroupReferences(std::move(value)); return *this;} /** *

References to the stateless rule groups that are used in the policy. These * define the matching criteria in stateless rules.

*/ inline FirewallPolicy& AddStatelessRuleGroupReferences(const StatelessRuleGroupReference& value) { m_statelessRuleGroupReferencesHasBeenSet = true; m_statelessRuleGroupReferences.push_back(value); return *this; } /** *

References to the stateless rule groups that are used in the policy. These * define the matching criteria in stateless rules.

*/ inline FirewallPolicy& AddStatelessRuleGroupReferences(StatelessRuleGroupReference&& value) { m_statelessRuleGroupReferencesHasBeenSet = true; m_statelessRuleGroupReferences.push_back(std::move(value)); return *this; } /** *

The actions to take on a packet if it doesn't match any of the stateless * rules in the policy. If you want non-matching packets to be forwarded for * stateful inspection, specify aws:forward_to_sfe.

You must * specify one of the standard actions: aws:pass, * aws:drop, or aws:forward_to_sfe. In addition, you can * specify custom actions that are compatible with your standard section * choice.

For example, you could specify ["aws:pass"] or you * could specify ["aws:pass", “customActionName”]. For information * about compatibility, see the custom action descriptions under * CustomAction.

*/ inline const Aws::Vector& GetStatelessDefaultActions() const{ return m_statelessDefaultActions; } /** *

The actions to take on a packet if it doesn't match any of the stateless * rules in the policy. If you want non-matching packets to be forwarded for * stateful inspection, specify aws:forward_to_sfe.

You must * specify one of the standard actions: aws:pass, * aws:drop, or aws:forward_to_sfe. In addition, you can * specify custom actions that are compatible with your standard section * choice.

For example, you could specify ["aws:pass"] or you * could specify ["aws:pass", “customActionName”]. For information * about compatibility, see the custom action descriptions under * CustomAction.

*/ inline bool StatelessDefaultActionsHasBeenSet() const { return m_statelessDefaultActionsHasBeenSet; } /** *

The actions to take on a packet if it doesn't match any of the stateless * rules in the policy. If you want non-matching packets to be forwarded for * stateful inspection, specify aws:forward_to_sfe.

You must * specify one of the standard actions: aws:pass, * aws:drop, or aws:forward_to_sfe. In addition, you can * specify custom actions that are compatible with your standard section * choice.

For example, you could specify ["aws:pass"] or you * could specify ["aws:pass", “customActionName”]. For information * about compatibility, see the custom action descriptions under * CustomAction.

*/ inline void SetStatelessDefaultActions(const Aws::Vector& value) { m_statelessDefaultActionsHasBeenSet = true; m_statelessDefaultActions = value; } /** *

The actions to take on a packet if it doesn't match any of the stateless * rules in the policy. If you want non-matching packets to be forwarded for * stateful inspection, specify aws:forward_to_sfe.

You must * specify one of the standard actions: aws:pass, * aws:drop, or aws:forward_to_sfe. In addition, you can * specify custom actions that are compatible with your standard section * choice.

For example, you could specify ["aws:pass"] or you * could specify ["aws:pass", “customActionName”]. For information * about compatibility, see the custom action descriptions under * CustomAction.

*/ inline void SetStatelessDefaultActions(Aws::Vector&& value) { m_statelessDefaultActionsHasBeenSet = true; m_statelessDefaultActions = std::move(value); } /** *

The actions to take on a packet if it doesn't match any of the stateless * rules in the policy. If you want non-matching packets to be forwarded for * stateful inspection, specify aws:forward_to_sfe.

You must * specify one of the standard actions: aws:pass, * aws:drop, or aws:forward_to_sfe. In addition, you can * specify custom actions that are compatible with your standard section * choice.

For example, you could specify ["aws:pass"] or you * could specify ["aws:pass", “customActionName”]. For information * about compatibility, see the custom action descriptions under * CustomAction.

*/ inline FirewallPolicy& WithStatelessDefaultActions(const Aws::Vector& value) { SetStatelessDefaultActions(value); return *this;} /** *

The actions to take on a packet if it doesn't match any of the stateless * rules in the policy. If you want non-matching packets to be forwarded for * stateful inspection, specify aws:forward_to_sfe.

You must * specify one of the standard actions: aws:pass, * aws:drop, or aws:forward_to_sfe. In addition, you can * specify custom actions that are compatible with your standard section * choice.

For example, you could specify ["aws:pass"] or you * could specify ["aws:pass", “customActionName”]. For information * about compatibility, see the custom action descriptions under * CustomAction.

*/ inline FirewallPolicy& WithStatelessDefaultActions(Aws::Vector&& value) { SetStatelessDefaultActions(std::move(value)); return *this;} /** *

The actions to take on a packet if it doesn't match any of the stateless * rules in the policy. If you want non-matching packets to be forwarded for * stateful inspection, specify aws:forward_to_sfe.

You must * specify one of the standard actions: aws:pass, * aws:drop, or aws:forward_to_sfe. In addition, you can * specify custom actions that are compatible with your standard section * choice.

For example, you could specify ["aws:pass"] or you * could specify ["aws:pass", “customActionName”]. For information * about compatibility, see the custom action descriptions under * CustomAction.

*/ inline FirewallPolicy& AddStatelessDefaultActions(const Aws::String& value) { m_statelessDefaultActionsHasBeenSet = true; m_statelessDefaultActions.push_back(value); return *this; } /** *

The actions to take on a packet if it doesn't match any of the stateless * rules in the policy. If you want non-matching packets to be forwarded for * stateful inspection, specify aws:forward_to_sfe.

You must * specify one of the standard actions: aws:pass, * aws:drop, or aws:forward_to_sfe. In addition, you can * specify custom actions that are compatible with your standard section * choice.

For example, you could specify ["aws:pass"] or you * could specify ["aws:pass", “customActionName”]. For information * about compatibility, see the custom action descriptions under * CustomAction.

*/ inline FirewallPolicy& AddStatelessDefaultActions(Aws::String&& value) { m_statelessDefaultActionsHasBeenSet = true; m_statelessDefaultActions.push_back(std::move(value)); return *this; } /** *

The actions to take on a packet if it doesn't match any of the stateless * rules in the policy. If you want non-matching packets to be forwarded for * stateful inspection, specify aws:forward_to_sfe.

You must * specify one of the standard actions: aws:pass, * aws:drop, or aws:forward_to_sfe. In addition, you can * specify custom actions that are compatible with your standard section * choice.

For example, you could specify ["aws:pass"] or you * could specify ["aws:pass", “customActionName”]. For information * about compatibility, see the custom action descriptions under * CustomAction.

*/ inline FirewallPolicy& AddStatelessDefaultActions(const char* value) { m_statelessDefaultActionsHasBeenSet = true; m_statelessDefaultActions.push_back(value); return *this; } /** *

The actions to take on a fragmented UDP packet if it doesn't match any of the * stateless rules in the policy. Network Firewall only manages UDP packet * fragments and silently drops packet fragments for other protocols. If you want * non-matching fragmented UDP packets to be forwarded for stateful inspection, * specify aws:forward_to_sfe.

You must specify one of the * standard actions: aws:pass, aws:drop, or * aws:forward_to_sfe. In addition, you can specify custom actions * that are compatible with your standard section choice.

For example, you * could specify ["aws:pass"] or you could specify ["aws:pass", * “customActionName”]. For information about compatibility, see the custom * action descriptions under CustomAction.

*/ inline const Aws::Vector& GetStatelessFragmentDefaultActions() const{ return m_statelessFragmentDefaultActions; } /** *

The actions to take on a fragmented UDP packet if it doesn't match any of the * stateless rules in the policy. Network Firewall only manages UDP packet * fragments and silently drops packet fragments for other protocols. If you want * non-matching fragmented UDP packets to be forwarded for stateful inspection, * specify aws:forward_to_sfe.

You must specify one of the * standard actions: aws:pass, aws:drop, or * aws:forward_to_sfe. In addition, you can specify custom actions * that are compatible with your standard section choice.

For example, you * could specify ["aws:pass"] or you could specify ["aws:pass", * “customActionName”]. For information about compatibility, see the custom * action descriptions under CustomAction.

*/ inline bool StatelessFragmentDefaultActionsHasBeenSet() const { return m_statelessFragmentDefaultActionsHasBeenSet; } /** *

The actions to take on a fragmented UDP packet if it doesn't match any of the * stateless rules in the policy. Network Firewall only manages UDP packet * fragments and silently drops packet fragments for other protocols. If you want * non-matching fragmented UDP packets to be forwarded for stateful inspection, * specify aws:forward_to_sfe.

You must specify one of the * standard actions: aws:pass, aws:drop, or * aws:forward_to_sfe. In addition, you can specify custom actions * that are compatible with your standard section choice.

For example, you * could specify ["aws:pass"] or you could specify ["aws:pass", * “customActionName”]. For information about compatibility, see the custom * action descriptions under CustomAction.

*/ inline void SetStatelessFragmentDefaultActions(const Aws::Vector& value) { m_statelessFragmentDefaultActionsHasBeenSet = true; m_statelessFragmentDefaultActions = value; } /** *

The actions to take on a fragmented UDP packet if it doesn't match any of the * stateless rules in the policy. Network Firewall only manages UDP packet * fragments and silently drops packet fragments for other protocols. If you want * non-matching fragmented UDP packets to be forwarded for stateful inspection, * specify aws:forward_to_sfe.

You must specify one of the * standard actions: aws:pass, aws:drop, or * aws:forward_to_sfe. In addition, you can specify custom actions * that are compatible with your standard section choice.

For example, you * could specify ["aws:pass"] or you could specify ["aws:pass", * “customActionName”]. For information about compatibility, see the custom * action descriptions under CustomAction.

*/ inline void SetStatelessFragmentDefaultActions(Aws::Vector&& value) { m_statelessFragmentDefaultActionsHasBeenSet = true; m_statelessFragmentDefaultActions = std::move(value); } /** *

The actions to take on a fragmented UDP packet if it doesn't match any of the * stateless rules in the policy. Network Firewall only manages UDP packet * fragments and silently drops packet fragments for other protocols. If you want * non-matching fragmented UDP packets to be forwarded for stateful inspection, * specify aws:forward_to_sfe.

You must specify one of the * standard actions: aws:pass, aws:drop, or * aws:forward_to_sfe. In addition, you can specify custom actions * that are compatible with your standard section choice.

For example, you * could specify ["aws:pass"] or you could specify ["aws:pass", * “customActionName”]. For information about compatibility, see the custom * action descriptions under CustomAction.

*/ inline FirewallPolicy& WithStatelessFragmentDefaultActions(const Aws::Vector& value) { SetStatelessFragmentDefaultActions(value); return *this;} /** *

The actions to take on a fragmented UDP packet if it doesn't match any of the * stateless rules in the policy. Network Firewall only manages UDP packet * fragments and silently drops packet fragments for other protocols. If you want * non-matching fragmented UDP packets to be forwarded for stateful inspection, * specify aws:forward_to_sfe.

You must specify one of the * standard actions: aws:pass, aws:drop, or * aws:forward_to_sfe. In addition, you can specify custom actions * that are compatible with your standard section choice.

For example, you * could specify ["aws:pass"] or you could specify ["aws:pass", * “customActionName”]. For information about compatibility, see the custom * action descriptions under CustomAction.

*/ inline FirewallPolicy& WithStatelessFragmentDefaultActions(Aws::Vector&& value) { SetStatelessFragmentDefaultActions(std::move(value)); return *this;} /** *

The actions to take on a fragmented UDP packet if it doesn't match any of the * stateless rules in the policy. Network Firewall only manages UDP packet * fragments and silently drops packet fragments for other protocols. If you want * non-matching fragmented UDP packets to be forwarded for stateful inspection, * specify aws:forward_to_sfe.

You must specify one of the * standard actions: aws:pass, aws:drop, or * aws:forward_to_sfe. In addition, you can specify custom actions * that are compatible with your standard section choice.

For example, you * could specify ["aws:pass"] or you could specify ["aws:pass", * “customActionName”]. For information about compatibility, see the custom * action descriptions under CustomAction.

*/ inline FirewallPolicy& AddStatelessFragmentDefaultActions(const Aws::String& value) { m_statelessFragmentDefaultActionsHasBeenSet = true; m_statelessFragmentDefaultActions.push_back(value); return *this; } /** *

The actions to take on a fragmented UDP packet if it doesn't match any of the * stateless rules in the policy. Network Firewall only manages UDP packet * fragments and silently drops packet fragments for other protocols. If you want * non-matching fragmented UDP packets to be forwarded for stateful inspection, * specify aws:forward_to_sfe.

You must specify one of the * standard actions: aws:pass, aws:drop, or * aws:forward_to_sfe. In addition, you can specify custom actions * that are compatible with your standard section choice.

For example, you * could specify ["aws:pass"] or you could specify ["aws:pass", * “customActionName”]. For information about compatibility, see the custom * action descriptions under CustomAction.

*/ inline FirewallPolicy& AddStatelessFragmentDefaultActions(Aws::String&& value) { m_statelessFragmentDefaultActionsHasBeenSet = true; m_statelessFragmentDefaultActions.push_back(std::move(value)); return *this; } /** *

The actions to take on a fragmented UDP packet if it doesn't match any of the * stateless rules in the policy. Network Firewall only manages UDP packet * fragments and silently drops packet fragments for other protocols. If you want * non-matching fragmented UDP packets to be forwarded for stateful inspection, * specify aws:forward_to_sfe.

You must specify one of the * standard actions: aws:pass, aws:drop, or * aws:forward_to_sfe. In addition, you can specify custom actions * that are compatible with your standard section choice.

For example, you * could specify ["aws:pass"] or you could specify ["aws:pass", * “customActionName”]. For information about compatibility, see the custom * action descriptions under CustomAction.

*/ inline FirewallPolicy& AddStatelessFragmentDefaultActions(const char* value) { m_statelessFragmentDefaultActionsHasBeenSet = true; m_statelessFragmentDefaultActions.push_back(value); return *this; } /** *

The custom action definitions that are available for use in the firewall * policy's StatelessDefaultActions setting. You name each custom * action that you define, and then you can use it by name in your default actions * specifications.

*/ inline const Aws::Vector& GetStatelessCustomActions() const{ return m_statelessCustomActions; } /** *

The custom action definitions that are available for use in the firewall * policy's StatelessDefaultActions setting. You name each custom * action that you define, and then you can use it by name in your default actions * specifications.

*/ inline bool StatelessCustomActionsHasBeenSet() const { return m_statelessCustomActionsHasBeenSet; } /** *

The custom action definitions that are available for use in the firewall * policy's StatelessDefaultActions setting. You name each custom * action that you define, and then you can use it by name in your default actions * specifications.

*/ inline void SetStatelessCustomActions(const Aws::Vector& value) { m_statelessCustomActionsHasBeenSet = true; m_statelessCustomActions = value; } /** *

The custom action definitions that are available for use in the firewall * policy's StatelessDefaultActions setting. You name each custom * action that you define, and then you can use it by name in your default actions * specifications.

*/ inline void SetStatelessCustomActions(Aws::Vector&& value) { m_statelessCustomActionsHasBeenSet = true; m_statelessCustomActions = std::move(value); } /** *

The custom action definitions that are available for use in the firewall * policy's StatelessDefaultActions setting. You name each custom * action that you define, and then you can use it by name in your default actions * specifications.

*/ inline FirewallPolicy& WithStatelessCustomActions(const Aws::Vector& value) { SetStatelessCustomActions(value); return *this;} /** *

The custom action definitions that are available for use in the firewall * policy's StatelessDefaultActions setting. You name each custom * action that you define, and then you can use it by name in your default actions * specifications.

*/ inline FirewallPolicy& WithStatelessCustomActions(Aws::Vector&& value) { SetStatelessCustomActions(std::move(value)); return *this;} /** *

The custom action definitions that are available for use in the firewall * policy's StatelessDefaultActions setting. You name each custom * action that you define, and then you can use it by name in your default actions * specifications.

*/ inline FirewallPolicy& AddStatelessCustomActions(const CustomAction& value) { m_statelessCustomActionsHasBeenSet = true; m_statelessCustomActions.push_back(value); return *this; } /** *

The custom action definitions that are available for use in the firewall * policy's StatelessDefaultActions setting. You name each custom * action that you define, and then you can use it by name in your default actions * specifications.

*/ inline FirewallPolicy& AddStatelessCustomActions(CustomAction&& value) { m_statelessCustomActionsHasBeenSet = true; m_statelessCustomActions.push_back(std::move(value)); return *this; } /** *

References to the stateful rule groups that are used in the policy. These * define the inspection criteria in stateful rules.

*/ inline const Aws::Vector& GetStatefulRuleGroupReferences() const{ return m_statefulRuleGroupReferences; } /** *

References to the stateful rule groups that are used in the policy. These * define the inspection criteria in stateful rules.

*/ inline bool StatefulRuleGroupReferencesHasBeenSet() const { return m_statefulRuleGroupReferencesHasBeenSet; } /** *

References to the stateful rule groups that are used in the policy. These * define the inspection criteria in stateful rules.

*/ inline void SetStatefulRuleGroupReferences(const Aws::Vector& value) { m_statefulRuleGroupReferencesHasBeenSet = true; m_statefulRuleGroupReferences = value; } /** *

References to the stateful rule groups that are used in the policy. These * define the inspection criteria in stateful rules.

*/ inline void SetStatefulRuleGroupReferences(Aws::Vector&& value) { m_statefulRuleGroupReferencesHasBeenSet = true; m_statefulRuleGroupReferences = std::move(value); } /** *

References to the stateful rule groups that are used in the policy. These * define the inspection criteria in stateful rules.

*/ inline FirewallPolicy& WithStatefulRuleGroupReferences(const Aws::Vector& value) { SetStatefulRuleGroupReferences(value); return *this;} /** *

References to the stateful rule groups that are used in the policy. These * define the inspection criteria in stateful rules.

*/ inline FirewallPolicy& WithStatefulRuleGroupReferences(Aws::Vector&& value) { SetStatefulRuleGroupReferences(std::move(value)); return *this;} /** *

References to the stateful rule groups that are used in the policy. These * define the inspection criteria in stateful rules.

*/ inline FirewallPolicy& AddStatefulRuleGroupReferences(const StatefulRuleGroupReference& value) { m_statefulRuleGroupReferencesHasBeenSet = true; m_statefulRuleGroupReferences.push_back(value); return *this; } /** *

References to the stateful rule groups that are used in the policy. These * define the inspection criteria in stateful rules.

*/ inline FirewallPolicy& AddStatefulRuleGroupReferences(StatefulRuleGroupReference&& value) { m_statefulRuleGroupReferencesHasBeenSet = true; m_statefulRuleGroupReferences.push_back(std::move(value)); return *this; } /** *

The default actions to take on a packet that doesn't match any stateful * rules. The stateful default action is optional, and is only valid when using the * strict rule order.

Valid values of the stateful default action:

    *

  • aws:drop_strict

  • aws:drop_established

  • *

    aws:alert_strict

  • aws:alert_established

*

For more information, see Strict * evaluation order in the Network Firewall Developer Guide.

*/ inline const Aws::Vector& GetStatefulDefaultActions() const{ return m_statefulDefaultActions; } /** *

The default actions to take on a packet that doesn't match any stateful * rules. The stateful default action is optional, and is only valid when using the * strict rule order.

Valid values of the stateful default action:

    *

  • aws:drop_strict

  • aws:drop_established

  • *

    aws:alert_strict

  • aws:alert_established

*

For more information, see Strict * evaluation order in the Network Firewall Developer Guide.

*/ inline bool StatefulDefaultActionsHasBeenSet() const { return m_statefulDefaultActionsHasBeenSet; } /** *

The default actions to take on a packet that doesn't match any stateful * rules. The stateful default action is optional, and is only valid when using the * strict rule order.

Valid values of the stateful default action:

    *

  • aws:drop_strict

  • aws:drop_established

  • *

    aws:alert_strict

  • aws:alert_established

*

For more information, see Strict * evaluation order in the Network Firewall Developer Guide.

*/ inline void SetStatefulDefaultActions(const Aws::Vector& value) { m_statefulDefaultActionsHasBeenSet = true; m_statefulDefaultActions = value; } /** *

The default actions to take on a packet that doesn't match any stateful * rules. The stateful default action is optional, and is only valid when using the * strict rule order.

Valid values of the stateful default action:

    *

  • aws:drop_strict

  • aws:drop_established

  • *

    aws:alert_strict

  • aws:alert_established

*

For more information, see Strict * evaluation order in the Network Firewall Developer Guide.

*/ inline void SetStatefulDefaultActions(Aws::Vector&& value) { m_statefulDefaultActionsHasBeenSet = true; m_statefulDefaultActions = std::move(value); } /** *

The default actions to take on a packet that doesn't match any stateful * rules. The stateful default action is optional, and is only valid when using the * strict rule order.

Valid values of the stateful default action:

    *

  • aws:drop_strict

  • aws:drop_established

  • *

    aws:alert_strict

  • aws:alert_established

*

For more information, see Strict * evaluation order in the Network Firewall Developer Guide.

*/ inline FirewallPolicy& WithStatefulDefaultActions(const Aws::Vector& value) { SetStatefulDefaultActions(value); return *this;} /** *

The default actions to take on a packet that doesn't match any stateful * rules. The stateful default action is optional, and is only valid when using the * strict rule order.

Valid values of the stateful default action:

    *

  • aws:drop_strict

  • aws:drop_established

  • *

    aws:alert_strict

  • aws:alert_established

*

For more information, see Strict * evaluation order in the Network Firewall Developer Guide.

*/ inline FirewallPolicy& WithStatefulDefaultActions(Aws::Vector&& value) { SetStatefulDefaultActions(std::move(value)); return *this;} /** *

The default actions to take on a packet that doesn't match any stateful * rules. The stateful default action is optional, and is only valid when using the * strict rule order.

Valid values of the stateful default action:

    *

  • aws:drop_strict

  • aws:drop_established

  • *

    aws:alert_strict

  • aws:alert_established

*

For more information, see Strict * evaluation order in the Network Firewall Developer Guide.

*/ inline FirewallPolicy& AddStatefulDefaultActions(const Aws::String& value) { m_statefulDefaultActionsHasBeenSet = true; m_statefulDefaultActions.push_back(value); return *this; } /** *

The default actions to take on a packet that doesn't match any stateful * rules. The stateful default action is optional, and is only valid when using the * strict rule order.

Valid values of the stateful default action:

    *

  • aws:drop_strict

  • aws:drop_established

  • *

    aws:alert_strict

  • aws:alert_established

*

For more information, see Strict * evaluation order in the Network Firewall Developer Guide.

*/ inline FirewallPolicy& AddStatefulDefaultActions(Aws::String&& value) { m_statefulDefaultActionsHasBeenSet = true; m_statefulDefaultActions.push_back(std::move(value)); return *this; } /** *

The default actions to take on a packet that doesn't match any stateful * rules. The stateful default action is optional, and is only valid when using the * strict rule order.

Valid values of the stateful default action:

    *

  • aws:drop_strict

  • aws:drop_established

  • *

    aws:alert_strict

  • aws:alert_established

*

For more information, see Strict * evaluation order in the Network Firewall Developer Guide.

*/ inline FirewallPolicy& AddStatefulDefaultActions(const char* value) { m_statefulDefaultActionsHasBeenSet = true; m_statefulDefaultActions.push_back(value); return *this; } /** *

Additional options governing how Network Firewall handles stateful rules. The * stateful rule groups that you use in your policy must have stateful rule options * settings that are compatible with these settings.

*/ inline const StatefulEngineOptions& GetStatefulEngineOptions() const{ return m_statefulEngineOptions; } /** *

Additional options governing how Network Firewall handles stateful rules. The * stateful rule groups that you use in your policy must have stateful rule options * settings that are compatible with these settings.

*/ inline bool StatefulEngineOptionsHasBeenSet() const { return m_statefulEngineOptionsHasBeenSet; } /** *

Additional options governing how Network Firewall handles stateful rules. The * stateful rule groups that you use in your policy must have stateful rule options * settings that are compatible with these settings.

*/ inline void SetStatefulEngineOptions(const StatefulEngineOptions& value) { m_statefulEngineOptionsHasBeenSet = true; m_statefulEngineOptions = value; } /** *

Additional options governing how Network Firewall handles stateful rules. The * stateful rule groups that you use in your policy must have stateful rule options * settings that are compatible with these settings.

*/ inline void SetStatefulEngineOptions(StatefulEngineOptions&& value) { m_statefulEngineOptionsHasBeenSet = true; m_statefulEngineOptions = std::move(value); } /** *

Additional options governing how Network Firewall handles stateful rules. The * stateful rule groups that you use in your policy must have stateful rule options * settings that are compatible with these settings.

*/ inline FirewallPolicy& WithStatefulEngineOptions(const StatefulEngineOptions& value) { SetStatefulEngineOptions(value); return *this;} /** *

Additional options governing how Network Firewall handles stateful rules. The * stateful rule groups that you use in your policy must have stateful rule options * settings that are compatible with these settings.

*/ inline FirewallPolicy& WithStatefulEngineOptions(StatefulEngineOptions&& value) { SetStatefulEngineOptions(std::move(value)); return *this;} /** *

The Amazon Resource Name (ARN) of the TLS inspection configuration.

*/ inline const Aws::String& GetTLSInspectionConfigurationArn() const{ return m_tLSInspectionConfigurationArn; } /** *

The Amazon Resource Name (ARN) of the TLS inspection configuration.

*/ inline bool TLSInspectionConfigurationArnHasBeenSet() const { return m_tLSInspectionConfigurationArnHasBeenSet; } /** *

The Amazon Resource Name (ARN) of the TLS inspection configuration.

*/ inline void SetTLSInspectionConfigurationArn(const Aws::String& value) { m_tLSInspectionConfigurationArnHasBeenSet = true; m_tLSInspectionConfigurationArn = value; } /** *

The Amazon Resource Name (ARN) of the TLS inspection configuration.

*/ inline void SetTLSInspectionConfigurationArn(Aws::String&& value) { m_tLSInspectionConfigurationArnHasBeenSet = true; m_tLSInspectionConfigurationArn = std::move(value); } /** *

The Amazon Resource Name (ARN) of the TLS inspection configuration.

*/ inline void SetTLSInspectionConfigurationArn(const char* value) { m_tLSInspectionConfigurationArnHasBeenSet = true; m_tLSInspectionConfigurationArn.assign(value); } /** *

The Amazon Resource Name (ARN) of the TLS inspection configuration.

*/ inline FirewallPolicy& WithTLSInspectionConfigurationArn(const Aws::String& value) { SetTLSInspectionConfigurationArn(value); return *this;} /** *

The Amazon Resource Name (ARN) of the TLS inspection configuration.

*/ inline FirewallPolicy& WithTLSInspectionConfigurationArn(Aws::String&& value) { SetTLSInspectionConfigurationArn(std::move(value)); return *this;} /** *

The Amazon Resource Name (ARN) of the TLS inspection configuration.

*/ inline FirewallPolicy& WithTLSInspectionConfigurationArn(const char* value) { SetTLSInspectionConfigurationArn(value); return *this;} /** *

Contains variables that you can use to override default Suricata settings in * your firewall policy.

*/ inline const PolicyVariables& GetPolicyVariables() const{ return m_policyVariables; } /** *

Contains variables that you can use to override default Suricata settings in * your firewall policy.

*/ inline bool PolicyVariablesHasBeenSet() const { return m_policyVariablesHasBeenSet; } /** *

Contains variables that you can use to override default Suricata settings in * your firewall policy.

*/ inline void SetPolicyVariables(const PolicyVariables& value) { m_policyVariablesHasBeenSet = true; m_policyVariables = value; } /** *

Contains variables that you can use to override default Suricata settings in * your firewall policy.

*/ inline void SetPolicyVariables(PolicyVariables&& value) { m_policyVariablesHasBeenSet = true; m_policyVariables = std::move(value); } /** *

Contains variables that you can use to override default Suricata settings in * your firewall policy.

*/ inline FirewallPolicy& WithPolicyVariables(const PolicyVariables& value) { SetPolicyVariables(value); return *this;} /** *

Contains variables that you can use to override default Suricata settings in * your firewall policy.

*/ inline FirewallPolicy& WithPolicyVariables(PolicyVariables&& value) { SetPolicyVariables(std::move(value)); return *this;} private: Aws::Vector m_statelessRuleGroupReferences; bool m_statelessRuleGroupReferencesHasBeenSet = false; Aws::Vector m_statelessDefaultActions; bool m_statelessDefaultActionsHasBeenSet = false; Aws::Vector m_statelessFragmentDefaultActions; bool m_statelessFragmentDefaultActionsHasBeenSet = false; Aws::Vector m_statelessCustomActions; bool m_statelessCustomActionsHasBeenSet = false; Aws::Vector m_statefulRuleGroupReferences; bool m_statefulRuleGroupReferencesHasBeenSet = false; Aws::Vector m_statefulDefaultActions; bool m_statefulDefaultActionsHasBeenSet = false; StatefulEngineOptions m_statefulEngineOptions; bool m_statefulEngineOptionsHasBeenSet = false; Aws::String m_tLSInspectionConfigurationArn; bool m_tLSInspectionConfigurationArnHasBeenSet = false; PolicyVariables m_policyVariables; bool m_policyVariablesHasBeenSet = false; }; } // namespace Model } // namespace NetworkFirewall } // namespace Aws