| Copyright | (c) 2013-2021 Brendan Hay |
|---|---|
| License | Mozilla Public License, v. 2.0. |
| Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
| Stability | auto-generated |
| Portability | non-portable (GHC extensions) |
| Safe Haskell | None |
Amazonka.NetworkFirewall.Types.StatefulRule
Description
Synopsis
- data StatefulRule = StatefulRule' {
- action :: StatefulAction
- header :: Header
- ruleOptions :: [RuleOption]
- newStatefulRule :: StatefulAction -> Header -> StatefulRule
- statefulRule_action :: Lens' StatefulRule StatefulAction
- statefulRule_header :: Lens' StatefulRule Header
- statefulRule_ruleOptions :: Lens' StatefulRule [RuleOption]
Documentation
data StatefulRule Source #
A single Suricata rules specification, for use in a stateful rule group.
Use this option to specify a simple Suricata rule with protocol, source
and destination, ports, direction, and rule options. For information
about the Suricata Rules format, see
Rules Format.
See: newStatefulRule smart constructor.
Constructors
| StatefulRule' | |
Fields
| |
Instances
Arguments
| :: StatefulAction | |
| -> Header | |
| -> StatefulRule |
Create a value of StatefulRule with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
$sel:action:StatefulRule', statefulRule_action - Defines what Network Firewall should do with the packets in a traffic
flow when the flow matches the stateful rule criteria. For all actions,
Network Firewall performs the specified action and discontinues stateful
inspection of the traffic flow.
The actions for a stateful rule are defined as follows:
- PASS - Permits the packets to go to the intended destination.
- DROP - Blocks the packets from going to the intended destination and sends an alert log message, if alert logging is configured in the Firewall LoggingConfiguration.
ALERT - Permits the packets to go to the intended destination and sends an alert log message, if alert logging is configured in the Firewall LoggingConfiguration.
You can use this action to test a rule that you intend to use to drop traffic. You can enable the rule with
ALERTaction, verify in the logs that the rule is filtering as you want, then change the action toDROP.
$sel:header:StatefulRule', statefulRule_header - The stateful inspection criteria for this rule, used to inspect traffic
flows.
$sel:ruleOptions:StatefulRule', statefulRule_ruleOptions - Additional options for the rule. These are the Suricata RuleOptions
settings.
statefulRule_action :: Lens' StatefulRule StatefulAction Source #
Defines what Network Firewall should do with the packets in a traffic flow when the flow matches the stateful rule criteria. For all actions, Network Firewall performs the specified action and discontinues stateful inspection of the traffic flow.
The actions for a stateful rule are defined as follows:
- PASS - Permits the packets to go to the intended destination.
- DROP - Blocks the packets from going to the intended destination and sends an alert log message, if alert logging is configured in the Firewall LoggingConfiguration.
ALERT - Permits the packets to go to the intended destination and sends an alert log message, if alert logging is configured in the Firewall LoggingConfiguration.
You can use this action to test a rule that you intend to use to drop traffic. You can enable the rule with
ALERTaction, verify in the logs that the rule is filtering as you want, then change the action toDROP.
statefulRule_header :: Lens' StatefulRule Header Source #
The stateful inspection criteria for this rule, used to inspect traffic flows.
statefulRule_ruleOptions :: Lens' StatefulRule [RuleOption] Source #
Additional options for the rule. These are the Suricata RuleOptions
settings.