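/**
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 * SPDX-License-Identifier: Apache-2.0.
 */

#pragma once
#include <aws/network-firewall/NetworkFirewall_EXPORTS.h>
#include <aws/network-firewall/model/MatchAttributes.h>
#include <aws/core/utils/memory/stl/AWSVector.h>
#include <aws/core/utils/memory/stl/AWSString.h>
#include <utility>

namespace Aws
{
namespace Utils
{
namespace Json
{
  class JsonValue;
  class JsonView;
} // namespace Json
} // namespace Utils
namespace NetworkFirewall
{
namespace Model
{

  /**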

   * The inspection criteria and action for a single stateless rule. Network
   * Firewall inspects each packet for the specified matching criteria. When a
   * packet matches the criteria, Network Firewall performs the rule's actions on
   * the packet.
   *
   * See Also: AWS API Reference
   */
  class RuleDefinition
  {
  public:
    AWS_NETWORKFIREWALL_API RuleDefinition();
    AWS_NETWORKFIREWALL_API RuleDefinition(Aws::Utils::Json::JsonView jsonValue);
    AWS_NETWORKFIREWALL_API RuleDefinition& operator=(Aws::Utils::Json::JsonView jsonValue);
    AWS_NETWORKFIREWALL_API Aws::Utils::Json::JsonValue Jsonize() const;

    /**

     * Criteria for Network Firewall to use to inspect an individual packet in
     * stateless rule inspection. Each match attributes set can include one or more
     * items such as IP address, CIDR range, port number, protocol, and TCP flags.
     */
    inline const MatchAttributes& GetMatchAttributes() const { return m_matchAttributes; }

    /**

     * Criteria for Network Firewall to use to inspect an individual packet in
     * stateless rule inspection. Each match attributes set can include one or more
     * items such as IP address, CIDR range, port number, protocol, and TCP flags.
     */
    inline bool MatchAttributesHasBeenSet() const { return m_matchAttributesHasBeenSet; }

    /**

     * Criteria for Network Firewall to use to inspect an individual packet in
     * stateless rule inspection. Each match attributes set can include one or more
     * items such as IP address, CIDR range, port number, protocol, and TCP flags.
     */
    inline void SetMatchAttributes(const MatchAttributes& value) { m_matchAttributesHasBeenSet = true; m_matchAttributes = value; }

    /**

     * Criteria for Network Firewall to use to inspect an individual packet in
     * stateless rule inspection. Each match attributes set can include one or more
     * items such as IP address, CIDR range, port number, protocol, and TCP flags.
     */
    inline void SetMatchAttributes(MatchAttributes&& value) { m_matchAttributesHasBeenSet = true; m_matchAttributes = std::move(value); }

    /**

     * Criteria for Network Firewall to use to inspect an individual packet in
     * stateless rule inspection. Each match attributes set can include one or more
     * items such as IP address, CIDR range, port number, protocol, and TCP flags.
     */
    inline RuleDefinition& WithMatchAttributes(const MatchAttributes& value) { SetMatchAttributes(value); return *this; }

    /**

     * Criteria for Network Firewall to use to inspect an individual packet in
     * stateless rule inspection. Each match attributes set can include one or more
     * items such as IP address, CIDR range, port number, protocol, and TCP flags.
     */
    inline RuleDefinition& WithMatchAttributes(MatchAttributes&& value) { SetMatchAttributes(std::move(value)); return *this; }

    /**

     * The actions to take on a packet that matches one of the stateless rule
     * definition's match attributes. You must specify a standard action and you can
     * add custom actions.
     *
     * Network Firewall only forwards a packet for stateful rule inspection if you
     * specify aws:forward_to_sfe for a rule that the packet matches, or if the
     * packet doesn't match any stateless rule and you specify aws:forward_to_sfe
     * for the StatelessDefaultActions setting for the FirewallPolicy.
     *
     * For every rule, you must specify exactly one of the following standard
     * actions.
     *
     *   - aws:pass - Discontinues all inspection of the packet and permits it to
     *     go to its intended destination.
     *   - aws:drop - Discontinues all inspection of the packet and blocks it from
     *     going to its intended destination.
     *   - aws:forward_to_sfe - Discontinues stateless inspection of the packet and
     *     forwards it to the stateful rule engine for inspection.
     *
     * Additionally, you can specify a custom action. To do this, you define a
     * custom action by name and type, then provide the name you've assigned to the
     * action in this Actions setting. For information about the options, see
     * CustomAction.
     *
     * To provide more than one action in this setting, separate the settings with
     * a comma. For example, if you have a custom PublishMetrics action that you've
     * named MyMetricsAction, then you could specify the standard action aws:pass
     * and the custom action with [“aws:pass”, “MyMetricsAction”].
     */
    inline const Aws::Vector<Aws::String>& GetActions() const { return m_actions; }

    /**

     * The actions to take on a packet that matches one of the stateless rule
     * definition's match attributes. You must specify a standard action and you can
     * add custom actions.
     *
     * Network Firewall only forwards a packet for stateful rule inspection if you
     * specify aws:forward_to_sfe for a rule that the packet matches, or if the
     * packet doesn't match any stateless rule and you specify aws:forward_to_sfe
     * for the StatelessDefaultActions setting for the FirewallPolicy.
     *
     * For every rule, you must specify exactly one of the following standard
     * actions.
     *
     *   - aws:pass - Discontinues all inspection of the packet and permits it to
     *     go to its intended destination.
     *   - aws:drop - Discontinues all inspection of the packet and blocks it from
     *     going to its intended destination.
     *   - aws:forward_to_sfe - Discontinues stateless inspection of the packet and
     *     forwards it to the stateful rule engine for inspection.
     *
     * Additionally, you can specify a custom action. To do this, you define a
     * custom action by name and type, then provide the name you've assigned to the
     * action in this Actions setting. For information about the options, see
     * CustomAction.
     *
     * To provide more than one action in this setting, separate the settings with
     * a comma. For example, if you have a custom PublishMetrics action that you've
     * named MyMetricsAction, then you could specify the standard action aws:pass
     * and the custom action with [“aws:pass”, “MyMetricsAction”].
     */
    inline bool ActionsHasBeenSet() const { return m_actionsHasBeenSet; }

    /**

     * The actions to take on a packet that matches one of the stateless rule
     * definition's match attributes. You must specify a standard action and you can
     * add custom actions.
     *
     * Network Firewall only forwards a packet for stateful rule inspection if you
     * specify aws:forward_to_sfe for a rule that the packet matches, or if the
     * packet doesn't match any stateless rule and you specify aws:forward_to_sfe
     * for the StatelessDefaultActions setting for the FirewallPolicy.
     *
     * For every rule, you must specify exactly one of the following standard
     * actions.
     *
     *   - aws:pass - Discontinues all inspection of the packet and permits it to
     *     go to its intended destination.
     *   - aws:drop - Discontinues all inspection of the packet and blocks it from
     *     going to its intended destination.
     *   - aws:forward_to_sfe - Discontinues stateless inspection of the packet and
     *     forwards it to the stateful rule engine for inspection.
     *
     * Additionally, you can specify a custom action. To do this, you define a
     * custom action by name and type, then provide the name you've assigned to the
     * action in this Actions setting. For information about the options, see
     * CustomAction.
     *
     * To provide more than one action in this setting, separate the settings with
     * a comma. For example, if you have a custom PublishMetrics action that you've
     * named MyMetricsAction, then you could specify the standard action aws:pass
     * and the custom action with [“aws:pass”, “MyMetricsAction”].
     */
    inline void SetActions(const Aws::Vector<Aws::String>& value) { m_actionsHasBeenSet = true; m_actions = value; }

    /**

     * The actions to take on a packet that matches one of the stateless rule
     * definition's match attributes. You must specify a standard action and you can
     * add custom actions.
     *
     * Network Firewall only forwards a packet for stateful rule inspection if you
     * specify aws:forward_to_sfe for a rule that the packet matches, or if the
     * packet doesn't match any stateless rule and you specify aws:forward_to_sfe
     * for the StatelessDefaultActions setting for the FirewallPolicy.
     *
     * For every rule, you must specify exactly one of the following standard
     * actions.
     *
     *   - aws:pass - Discontinues all inspection of the packet and permits it to
     *     go to its intended destination.
     *   - aws:drop - Discontinues all inspection of the packet and blocks it from
     *     going to its intended destination.
     *   - aws:forward_to_sfe - Discontinues stateless inspection of the packet and
     *     forwards it to the stateful rule engine for inspection.
     *
     * Additionally, you can specify a custom action. To do this, you define a
     * custom action by name and type, then provide the name you've assigned to the
     * action in this Actions setting. For information about the options, see
     * CustomAction.
     *
     * To provide more than one action in this setting, separate the settings with
     * a comma. For example, if you have a custom PublishMetrics action that you've
     * named MyMetricsAction, then you could specify the standard action aws:pass
     * and the custom action with [“aws:pass”, “MyMetricsAction”].
     */
    inline void SetActions(Aws::Vector<Aws::String>&& value) { m_actionsHasBeenSet = true; m_actions = std::move(value); }

    /**

     * The actions to take on a packet that matches one of the stateless rule
     * definition's match attributes. You must specify a standard action and you can
     * add custom actions.
     *
     * Network Firewall only forwards a packet for stateful rule inspection if you
     * specify aws:forward_to_sfe for a rule that the packet matches, or if the
     * packet doesn't match any stateless rule and you specify aws:forward_to_sfe
     * for the StatelessDefaultActions setting for the FirewallPolicy.
     *
     * For every rule, you must specify exactly one of the following standard
     * actions.
     *
     *   - aws:pass - Discontinues all inspection of the packet and permits it to
     *     go to its intended destination.
     *   - aws:drop - Discontinues all inspection of the packet and blocks it from
     *     going to its intended destination.
     *   - aws:forward_to_sfe - Discontinues stateless inspection of the packet and
     *     forwards it to the stateful rule engine for inspection.
     *
     * Additionally, you can specify a custom action. To do this, you define a
     * custom action by name and type, then provide the name you've assigned to the
     * action in this Actions setting. For information about the options, see
     * CustomAction.
     *
     * To provide more than one action in this setting, separate the settings with
     * a comma. For example, if you have a custom PublishMetrics action that you've
     * named MyMetricsAction, then you could specify the standard action aws:pass
     * and the custom action with [“aws:pass”, “MyMetricsAction”].
     */
    inline RuleDefinition& WithActions(const Aws::Vector<Aws::String>& value) { SetActions(value); return *this; }

    /**

     * The actions to take on a packet that matches one of the stateless rule
     * definition's match attributes. You must specify a standard action and you can
     * add custom actions.
     *
     * Network Firewall only forwards a packet for stateful rule inspection if you
     * specify aws:forward_to_sfe for a rule that the packet matches, or if the
     * packet doesn't match any stateless rule and you specify aws:forward_to_sfe
     * for the StatelessDefaultActions setting for the FirewallPolicy.
     *
     * For every rule, you must specify exactly one of the following standard
     * actions.
     *
     *   - aws:pass - Discontinues all inspection of the packet and permits it to
     *     go to its intended destination.
     *   - aws:drop - Discontinues all inspection of the packet and blocks it from
     *     going to its intended destination.
     *   - aws:forward_to_sfe - Discontinues stateless inspection of the packet and
     *     forwards it to the stateful rule engine for inspection.
     *
     * Additionally, you can specify a custom action. To do this, you define a
     * custom action by name and type, then provide the name you've assigned to the
     * action in this Actions setting. For information about the options, see
     * CustomAction.
     *
     * To provide more than one action in this setting, separate the settings with
     * a comma. For example, if you have a custom PublishMetrics action that you've
     * named MyMetricsAction, then you could specify the standard action aws:pass
     * and the custom action with [“aws:pass”, “MyMetricsAction”].
     */
    inline RuleDefinition& WithActions(Aws::Vector<Aws::String>&& value) { SetActions(std::move(value)); return *this; }

    /**

     * The actions to take on a packet that matches one of the stateless rule
     * definition's match attributes. You must specify a standard action and you can
     * add custom actions.
     *
     * Network Firewall only forwards a packet for stateful rule inspection if you
     * specify aws:forward_to_sfe for a rule that the packet matches, or if the
     * packet doesn't match any stateless rule and you specify aws:forward_to_sfe
     * for the StatelessDefaultActions setting for the FirewallPolicy.
     *
     * For every rule, you must specify exactly one of the following standard
     * actions.
     *
     *   - aws:pass - Discontinues all inspection of the packet and permits it to
     *     go to its intended destination.
     *   - aws:drop - Discontinues all inspection of the packet and blocks it from
     *     going to its intended destination.
     *   - aws:forward_to_sfe - Discontinues stateless inspection of the packet and
     *     forwards it to the stateful rule engine for inspection.
     *
     * Additionally, you can specify a custom action. To do this, you define a
     * custom action by name and type, then provide the name you've assigned to the
     * action in this Actions setting. For information about the options, see
     * CustomAction.
     *
     * To provide more than one action in this setting, separate the settings with
     * a comma. For example, if you have a custom PublishMetrics action that you've
     * named MyMetricsAction, then you could specify the standard action aws:pass
     * and the custom action with [“aws:pass”, “MyMetricsAction”].
     */
    inline RuleDefinition& AddActions(const Aws::String& value) { m_actionsHasBeenSet = true; m_actions.push_back(value); return *this; }

    /**

     * The actions to take on a packet that matches one of the stateless rule
     * definition's match attributes. You must specify a standard action and you can
     * add custom actions.
     *
     * Network Firewall only forwards a packet for stateful rule inspection if you
     * specify aws:forward_to_sfe for a rule that the packet matches, or if the
     * packet doesn't match any stateless rule and you specify aws:forward_to_sfe
     * for the StatelessDefaultActions setting for the FirewallPolicy.
     *
     * For every rule, you must specify exactly one of the following standard
     * actions.
     *
     *   - aws:pass - Discontinues all inspection of the packet and permits it to
     *     go to its intended destination.
     *   - aws:drop - Discontinues all inspection of the packet and blocks it from
     *     going to its intended destination.
     *   - aws:forward_to_sfe - Discontinues stateless inspection of the packet and
     *     forwards it to the stateful rule engine for inspection.
     *
     * Additionally, you can specify a custom action. To do this, you define a
     * custom action by name and type, then provide the name you've assigned to the
     * action in this Actions setting. For information about the options, see
     * CustomAction.
     *
     * To provide more than one action in this setting, separate the settings with
     * a comma. For example, if you have a custom PublishMetrics action that you've
     * named MyMetricsAction, then you could specify the standard action aws:pass
     * and the custom action with [“aws:pass”, “MyMetricsAction”].
     */
    inline RuleDefinition& AddActions(Aws::String&& value) { m_actionsHasBeenSet = true; m_actions.push_back(std::move(value)); return *this; }

    /**

     * The actions to take on a packet that matches one of the stateless rule
     * definition's match attributes. You must specify a standard action and you can
     * add custom actions.
     *
     * Network Firewall only forwards a packet for stateful rule inspection if you
     * specify aws:forward_to_sfe for a rule that the packet matches, or if the
     * packet doesn't match any stateless rule and you specify aws:forward_to_sfe
     * for the StatelessDefaultActions setting for the FirewallPolicy.
     *
     * For every rule, you must specify exactly one of the following standard
     * actions.
     *
     *   - aws:pass - Discontinues all inspection of the packet and permits it to
     *     go to its intended destination.
     *   - aws:drop - Discontinues all inspection of the packet and blocks it from
     *     going to its intended destination.
     *   - aws:forward_to_sfe - Discontinues stateless inspection of the packet and
     *     forwards it to the stateful rule engine for inspection.
     *
     * Additionally, you can specify a custom action. To do this, you define a
     * custom action by name and type, then provide the name you've assigned to the
     * action in this Actions setting. For information about the options, see
     * CustomAction.
     *
     * To provide more than one action in this setting, separate the settings with
     * a comma. For example, if you have a custom PublishMetrics action that you've
     * named MyMetricsAction, then you could specify the standard action aws:pass
     * and the custom action with [“aws:pass”, “MyMetricsAction”].
     */
    inline RuleDefinition& AddActions(const char* value) { m_actionsHasBeenSet = true; m_actions.push_back(value); return *this; }

  private:

    MatchAttributes m_matchAttributes;
    bool m_matchAttributesHasBeenSet = false;

    Aws::Vector<Aws::String> m_actions;
    bool m_actionsHasBeenSet = false;
  };

} // namespace Model
} // namespace NetworkFirewall
} // namespace Aws
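
An added example, not part of the SDK header above: a standard-library-only check of the Actions rules its comments describe (exactly one standard action, every other entry a defined custom action) and of whether a packet ends up in the stateful engine. `AuditActions`, `ReachesStatefulEngine` and `customNames` are hypothetical names, and the code assumes StatelessDefaultActions follows the same one-standard-action rule as a rule's Actions.

```cpp
#include <iostream>
#include <set>
#include <string>
#include <vector>

enum class Verdict { Ok, NoStandardAction, MultipleStandardActions, UndefinedCustomAction };

struct Audit {
    Verdict verdict;
    std::string standardAction;  // empty unless exactly one standard action is present
};

static bool IsStandard(const std::string& a) {
    return a == "aws:pass" || a == "aws:drop" || a == "aws:forward_to_sfe";
}

// actions: the list that would be handed to RuleDefinition::SetActions.
// customNames (hypothetical parameter): names of the custom actions the caller
// has defined; any non-standard entry must be one of them.
Audit AuditActions(const std::vector<std::string>& actions,
                   const std::set<std::string>& customNames) {
    std::vector<std::string> standard;
    bool undefinedCustom = false;
    for (const std::string& a : actions) {
        if (IsStandard(a)) standard.push_back(a);
        else if (customNames.count(a) == 0) undefinedCustom = true;
    }
    if (standard.empty()) return {Verdict::NoStandardAction, ""};
    if (standard.size() > 1) return {Verdict::MultipleStandardActions, ""};
    if (undefinedCustom) return {Verdict::UndefinedCustomAction, standard[0]};
    return {Verdict::Ok, standard[0]};
}

// A packet reaches the stateful engine only through aws:forward_to_sfe: on the
// rule it matched, or, when no stateless rule matched (matched == nullptr), on
// StatelessDefaultActions (assumed to follow the same one-standard-action rule).
bool ReachesStatefulEngine(const std::vector<std::string>* matched,
                           const std::vector<std::string>& statelessDefaultActions,
                           const std::set<std::string>& customNames) {
    const Audit a = AuditActions(matched ? *matched : statelessDefaultActions, customNames);
    return a.verdict == Verdict::Ok && a.standardAction == "aws:forward_to_sfe";
}

int main() {
    const std::set<std::string> custom{"MyMetricsAction"};               // constructed sample
    const std::vector<std::string> rule{"aws:pass", "MyMetricsAction"};  // the header's example
    const std::vector<std::string> defaults{"aws:forward_to_sfe"};       // constructed sample
    std::cout << "rule valid: " << (AuditActions(rule, custom).verdict == Verdict::Ok) << "\n"
              << "matched packet inspected statefully: "
              << ReachesStatefulEngine(&rule, defaults, custom) << "\n"
              << "unmatched packet inspected statefully: "
              << ReachesStatefulEngine(nullptr, defaults, custom) << "\n";
}
```

A rule carrying aws:pass is valid yet keeps every packet it matches away from the stateful rules, which is why the audit reports the standard action alongside the verdict.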