AWS::NetworkFirewall::RuleGroup StatefulRule
A single Suricata rules specification, for use in a stateful rule group.
Use this option to specify a simple Suricata rule with protocol, source and destination, ports, direction, and rule options.
For information about the Suricata Rules
format, see
Rules Format
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{ "Action" :
String
, "Header" :Header
, "RuleOptions" :[ RuleOption, ... ]
}
YAML
Action:
String
Header:Header
RuleOptions:- RuleOption
Properties
Action
-
Defines what Network Firewall should do with the packets in a traffic flow when the flow matches the stateful rule criteria. For all actions, Network Firewall performs the specified action and discontinues stateful inspection of the traffic flow.
The actions for a stateful rule are defined as follows:
-
PASS - Permits the packets to go to the intended destination.
-
DROP - Blocks the packets from going to the intended destination and sends an alert log message, if alert logging is configured in the AWS::NetworkFirewall::Firewall AWS::NetworkFirewall::LoggingConfiguration.
-
ALERT - Permits the packets to go to the intended destination and sends an alert log message, if alert logging is configured in the AWS::NetworkFirewall::Firewall AWS::NetworkFirewall::LoggingConfiguration.
You can use this action to test a rule that you intend to use to drop traffic. You can enable the rule with
ALERT
action, verify in the logs that the rule is filtering as you want, then change the action toDROP
.
Required: Yes
Type: String
Allowed values:
ALERT | DROP | PASS | REJECT
Update requires: No interruption
-
Header
-
The stateful inspection criteria for this rule, used to inspect traffic flows.
Required: Yes
Type: Header
Update requires: No interruption
RuleOptions
-
Additional settings for a stateful rule, provided as keywords and settings.
Required: Yes
Type: List of RuleOption
Update requires: No interruption