/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
/*
* Do not modify this file. This file is generated from the network-firewall-2020-11-12.normal.json service model.
*/
using System;
using System.Collections.Generic;
using System.Xml.Serialization;
using System.Text;
using System.IO;
using System.Net;
using Amazon.Runtime;
using Amazon.Runtime.Internal;
namespace Amazon.NetworkFirewall.Model
{
/// <summary>
/// The firewall policy defines the behavior of a firewall using a collection of stateless
/// and stateful rule groups and other settings. You can use one firewall policy for multiple
/// firewalls.
///
///
/// <para>
/// This, along with <a>FirewallPolicyResponse</a>, define the policy. You can retrieve
/// all objects for a firewall policy by calling <a>DescribeFirewallPolicy</a>.
/// </para>
/// </summary>
public partial class FirewallPolicy
{
private PolicyVariables _policyVariables;
private List<string> _statefulDefaultActions = new List<string>();
private StatefulEngineOptions _statefulEngineOptions;
private List<StatefulRuleGroupReference> _statefulRuleGroupReferences = new List<StatefulRuleGroupReference>();
private List<CustomAction> _statelessCustomActions = new List<CustomAction>();
private List<string> _statelessDefaultActions = new List<string>();
private List<string> _statelessFragmentDefaultActions = new List<string>();
private List<StatelessRuleGroupReference> _statelessRuleGroupReferences = new List<StatelessRuleGroupReference>();
private string _tlsInspectionConfigurationArn;
/// <summary>
/// Gets and sets the property PolicyVariables.
/// <para>
/// Contains variables that you can use to override default Suricata settings in your
/// firewall policy.
/// </para>
/// </summary>
public PolicyVariables PolicyVariables
{
get { return this._policyVariables; }
set { this._policyVariables = value; }
}
// Check to see if PolicyVariables property is set
internal bool IsSetPolicyVariables()
{
return this._policyVariables != null;
}
/// <summary>
/// Gets and sets the property StatefulDefaultActions.
/// <para>
/// The default actions to take on a packet that doesn't match any stateful rules. The
/// stateful default action is optional, and is only valid when using the strict rule
/// order.
/// </para>
///
/// <para>
/// Valid values of the stateful default action:
/// </para>
/// <ul> <li>
/// <para>
/// aws:drop_strict
/// </para>
/// </li> <li>
/// <para>
/// aws:drop_established
/// </para>
/// </li> <li>
/// <para>
/// aws:alert_strict
/// </para>
/// </li> <li>
/// <para>
/// aws:alert_established
/// </para>
/// </li> </ul>
/// <para>
/// For more information, see <a href="https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html#suricata-strict-rule-evaluation-order.html">Strict
/// evaluation order</a> in the <i>Network Firewall Developer Guide</i>.
/// </para>
/// </summary>
public List<string> StatefulDefaultActions
{
get { return this._statefulDefaultActions; }
set { this._statefulDefaultActions = value; }
}
// Check to see if StatefulDefaultActions property is set
internal bool IsSetStatefulDefaultActions()
{
return this._statefulDefaultActions != null && this._statefulDefaultActions.Count > 0;
}
/// <summary>
/// Gets and sets the property StatefulEngineOptions.
/// <para>
/// Additional options governing how Network Firewall handles stateful rules. The stateful
/// rule groups that you use in your policy must have stateful rule options settings that
/// are compatible with these settings.
/// </para>
/// </summary>
public StatefulEngineOptions StatefulEngineOptions
{
get { return this._statefulEngineOptions; }
set { this._statefulEngineOptions = value; }
}
// Check to see if StatefulEngineOptions property is set
internal bool IsSetStatefulEngineOptions()
{
return this._statefulEngineOptions != null;
}
/// <summary>
/// Gets and sets the property StatefulRuleGroupReferences.
/// <para>
/// References to the stateful rule groups that are used in the policy. These define the
/// inspection criteria in stateful rules.
/// </para>
/// </summary>
public List<StatefulRuleGroupReference> StatefulRuleGroupReferences
{
get { return this._statefulRuleGroupReferences; }
set { this._statefulRuleGroupReferences = value; }
}
// Check to see if StatefulRuleGroupReferences property is set
internal bool IsSetStatefulRuleGroupReferences()
{
return this._statefulRuleGroupReferences != null && this._statefulRuleGroupReferences.Count > 0;
}
/// <summary>
/// Gets and sets the property StatelessCustomActions.
/// <para>
/// The custom action definitions that are available for use in the firewall policy's
/// <code>StatelessDefaultActions</code> setting. You name each custom action that you
/// define, and then you can use it by name in your default actions specifications.
/// </para>
/// </summary>
public List<CustomAction> StatelessCustomActions
{
get { return this._statelessCustomActions; }
set { this._statelessCustomActions = value; }
}
// Check to see if StatelessCustomActions property is set
internal bool IsSetStatelessCustomActions()
{
return this._statelessCustomActions != null && this._statelessCustomActions.Count > 0;
}
/// <summary>
/// Gets and sets the property StatelessDefaultActions.
/// <para>
/// The actions to take on a packet if it doesn't match any of the stateless rules in
/// the policy. If you want non-matching packets to be forwarded for stateful inspection,
/// specify <code>aws:forward_to_sfe</code>.
/// </para>
///
/// <para>
/// You must specify one of the standard actions: <code>aws:pass</code>, <code>aws:drop</code>,
/// or <code>aws:forward_to_sfe</code>. In addition, you can specify custom actions that
/// are compatible with your standard section choice.
/// </para>
///
/// <para>
/// For example, you could specify <code>["aws:pass"]</code> or you could specify <code>["aws:pass",
/// “customActionNameâ€]</code>. For information about compatibility, see the custom action
/// descriptions under <a>CustomAction</a>.
/// </para>
/// </summary>
[AWSProperty(Required=true)]
public List<string> StatelessDefaultActions
{
get { return this._statelessDefaultActions; }
set { this._statelessDefaultActions = value; }
}
// Check to see if StatelessDefaultActions property is set
internal bool IsSetStatelessDefaultActions()
{
return this._statelessDefaultActions != null && this._statelessDefaultActions.Count > 0;
}
/// <summary>
/// Gets and sets the property StatelessFragmentDefaultActions.
/// <para>
/// The actions to take on a fragmented UDP packet if it doesn't match any of the stateless
/// rules in the policy. Network Firewall only manages UDP packet fragments and silently
/// drops packet fragments for other protocols. If you want non-matching fragmented UDP
/// packets to be forwarded for stateful inspection, specify <code>aws:forward_to_sfe</code>.
///
/// </para>
///
/// <para>
/// You must specify one of the standard actions: <code>aws:pass</code>, <code>aws:drop</code>,
/// or <code>aws:forward_to_sfe</code>. In addition, you can specify custom actions that
/// are compatible with your standard section choice.
/// </para>
///
/// <para>
/// For example, you could specify <code>["aws:pass"]</code> or you could specify <code>["aws:pass",
/// “customActionNameâ€]</code>. For information about compatibility, see the custom action
/// descriptions under <a>CustomAction</a>.
/// </para>
/// </summary>
[AWSProperty(Required=true)]
public List<string> StatelessFragmentDefaultActions
{
get { return this._statelessFragmentDefaultActions; }
set { this._statelessFragmentDefaultActions = value; }
}
// Check to see if StatelessFragmentDefaultActions property is set
internal bool IsSetStatelessFragmentDefaultActions()
{
return this._statelessFragmentDefaultActions != null && this._statelessFragmentDefaultActions.Count > 0;
}
/// <summary>
/// Gets and sets the property StatelessRuleGroupReferences.
/// <para>
/// References to the stateless rule groups that are used in the policy. These define
/// the matching criteria in stateless rules.
/// </para>
/// </summary>
public List<StatelessRuleGroupReference> StatelessRuleGroupReferences
{
get { return this._statelessRuleGroupReferences; }
set { this._statelessRuleGroupReferences = value; }
}
// Check to see if StatelessRuleGroupReferences property is set
internal bool IsSetStatelessRuleGroupReferences()
{
return this._statelessRuleGroupReferences != null && this._statelessRuleGroupReferences.Count > 0;
}
/// <summary>
/// Gets and sets the property TLSInspectionConfigurationArn.
/// <para>
/// The Amazon Resource Name (ARN) of the TLS inspection configuration.
/// </para>
/// </summary>
[AWSProperty(Min=1, Max=256)]
public string TLSInspectionConfigurationArn
{
get { return this._tlsInspectionConfigurationArn; }
set { this._tlsInspectionConfigurationArn = value; }
}
// Check to see if TLSInspectionConfigurationArn property is set
internal bool IsSetTLSInspectionConfigurationArn()
{
return this._tlsInspectionConfigurationArn != null;
}
}
}