libZSservicesZSamazonka-network-firewallZSamazonka-network-firewall
Copyright(c) 2013-2021 Brendan Hay
LicenseMozilla Public License, v. 2.0.
MaintainerBrendan Hay <brendan.g.hay+amazonka@gmail.com>
Stabilityauto-generated
Portabilitynon-portable (GHC extensions)
Safe HaskellNone

Amazonka.NetworkFirewall.Types.FirewallPolicy

Description

 
Synopsis

Documentation

data FirewallPolicy Source #

The firewall policy defines the behavior of a firewall using a collection of stateless and stateful rule groups and other settings. You can use one firewall policy for multiple firewalls.

This, along with FirewallPolicyResponse, define the policy. You can retrieve all objects for a firewall policy by calling DescribeFirewallPolicy.

See: newFirewallPolicy smart constructor.

Constructors

FirewallPolicy' 

Fields

  • statefulEngineOptions :: Maybe StatefulEngineOptions

    Additional options governing how Network Firewall handles stateful rules. The stateful rule groups that you use in your policy must have stateful rule options settings that are compatible with these settings.

  • statefulRuleGroupReferences :: Maybe [StatefulRuleGroupReference]

    References to the stateful rule groups that are used in the policy. These define the inspection criteria in stateful rules.

  • statelessRuleGroupReferences :: Maybe [StatelessRuleGroupReference]

    References to the stateless rule groups that are used in the policy. These define the matching criteria in stateless rules.

  • statelessCustomActions :: Maybe [CustomAction]

    The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting. You name each custom action that you define, and then you can use it by name in your default actions specifications.

  • statefulDefaultActions :: Maybe [Text]

    The default actions to take on a packet that doesn't match any stateful rules.

  • statelessDefaultActions :: [Text]

    The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

    You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

    For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

  • statelessFragmentDefaultActions :: [Text]

    The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy. Network Firewall only manages UDP packet fragments and silently drops packet fragments for other protocols. If you want non-matching fragmented UDP packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

    You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

    For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

Instances

Instances details
Eq FirewallPolicy Source # 
Instance details

Defined in Amazonka.NetworkFirewall.Types.FirewallPolicy

Read FirewallPolicy Source # 
Instance details

Defined in Amazonka.NetworkFirewall.Types.FirewallPolicy

Show FirewallPolicy Source # 
Instance details

Defined in Amazonka.NetworkFirewall.Types.FirewallPolicy

Generic FirewallPolicy Source # 
Instance details

Defined in Amazonka.NetworkFirewall.Types.FirewallPolicy

Associated Types

type Rep FirewallPolicy :: Type -> Type #

NFData FirewallPolicy Source # 
Instance details

Defined in Amazonka.NetworkFirewall.Types.FirewallPolicy

Methods

rnf :: FirewallPolicy -> () #

Hashable FirewallPolicy Source # 
Instance details

Defined in Amazonka.NetworkFirewall.Types.FirewallPolicy

ToJSON FirewallPolicy Source # 
Instance details

Defined in Amazonka.NetworkFirewall.Types.FirewallPolicy

FromJSON FirewallPolicy Source # 
Instance details

Defined in Amazonka.NetworkFirewall.Types.FirewallPolicy

type Rep FirewallPolicy Source # 
Instance details

Defined in Amazonka.NetworkFirewall.Types.FirewallPolicy

type Rep FirewallPolicy = D1 ('MetaData "FirewallPolicy" "Amazonka.NetworkFirewall.Types.FirewallPolicy" "libZSservicesZSamazonka-network-firewallZSamazonka-network-firewall" 'False) (C1 ('MetaCons "FirewallPolicy'" 'PrefixI 'True) ((S1 ('MetaSel ('Just "statefulEngineOptions") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe StatefulEngineOptions)) :*: (S1 ('MetaSel ('Just "statefulRuleGroupReferences") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StatefulRuleGroupReference])) :*: S1 ('MetaSel ('Just "statelessRuleGroupReferences") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [StatelessRuleGroupReference])))) :*: ((S1 ('MetaSel ('Just "statelessCustomActions") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [CustomAction])) :*: S1 ('MetaSel ('Just "statefulDefaultActions") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [Text]))) :*: (S1 ('MetaSel ('Just "statelessDefaultActions") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 [Text]) :*: S1 ('MetaSel ('Just "statelessFragmentDefaultActions") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 [Text])))))

newFirewallPolicy :: FirewallPolicy Source #

Create a value of FirewallPolicy with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:statefulEngineOptions:FirewallPolicy', firewallPolicy_statefulEngineOptions - Additional options governing how Network Firewall handles stateful rules. The stateful rule groups that you use in your policy must have stateful rule options settings that are compatible with these settings.

$sel:statefulRuleGroupReferences:FirewallPolicy', firewallPolicy_statefulRuleGroupReferences - References to the stateful rule groups that are used in the policy. These define the inspection criteria in stateful rules.

$sel:statelessRuleGroupReferences:FirewallPolicy', firewallPolicy_statelessRuleGroupReferences - References to the stateless rule groups that are used in the policy. These define the matching criteria in stateless rules.

$sel:statelessCustomActions:FirewallPolicy', firewallPolicy_statelessCustomActions - The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting. You name each custom action that you define, and then you can use it by name in your default actions specifications.

$sel:statefulDefaultActions:FirewallPolicy', firewallPolicy_statefulDefaultActions - The default actions to take on a packet that doesn't match any stateful rules.

$sel:statelessDefaultActions:FirewallPolicy', firewallPolicy_statelessDefaultActions - The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

$sel:statelessFragmentDefaultActions:FirewallPolicy', firewallPolicy_statelessFragmentDefaultActions - The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy. Network Firewall only manages UDP packet fragments and silently drops packet fragments for other protocols. If you want non-matching fragmented UDP packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

firewallPolicy_statefulEngineOptions :: Lens' FirewallPolicy (Maybe StatefulEngineOptions) Source #

Additional options governing how Network Firewall handles stateful rules. The stateful rule groups that you use in your policy must have stateful rule options settings that are compatible with these settings.

firewallPolicy_statefulRuleGroupReferences :: Lens' FirewallPolicy (Maybe [StatefulRuleGroupReference]) Source #

References to the stateful rule groups that are used in the policy. These define the inspection criteria in stateful rules.

firewallPolicy_statelessRuleGroupReferences :: Lens' FirewallPolicy (Maybe [StatelessRuleGroupReference]) Source #

References to the stateless rule groups that are used in the policy. These define the matching criteria in stateless rules.

firewallPolicy_statelessCustomActions :: Lens' FirewallPolicy (Maybe [CustomAction]) Source #

The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting. You name each custom action that you define, and then you can use it by name in your default actions specifications.

firewallPolicy_statefulDefaultActions :: Lens' FirewallPolicy (Maybe [Text]) Source #

The default actions to take on a packet that doesn't match any stateful rules.

firewallPolicy_statelessDefaultActions :: Lens' FirewallPolicy [Text] Source #

The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

firewallPolicy_statelessFragmentDefaultActions :: Lens' FirewallPolicy [Text] Source #

The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy. Network Firewall only manages UDP packet fragments and silently drops packet fragments for other protocols. If you want non-matching fragmented UDP packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.