amazonka-network-firewall-2.0: Amazon Network Firewall SDK.
Copyright: (c) 2013-2023 Brendan Hay
License: Mozilla Public License, v. 2.0.
Maintainer: Brendan Hay
Stability: auto-generated
Portability: non-portable (GHC extensions)
Safe Haskell: Safe-Inferred
Language: Haskell2010

Amazonka.NetworkFirewall.Types.StatefulEngineOptions

Documentation

data StatefulEngineOptions

Configuration settings for the handling of the stateful rule groups in a firewall policy.

See: newStatefulEngineOptions smart constructor.

Constructors

StatefulEngineOptions' 

Fields

  • ruleOrder :: Maybe RuleOrder

    Indicates how to manage the order of stateful rule evaluation for the policy. DEFAULT_ACTION_ORDER is the default behavior. Stateful rules are provided to the rule engine as Suricata-compatible strings, and Suricata evaluates them based on certain settings. For more information, see Evaluation order for stateful rules in the Network Firewall Developer Guide.

  • streamExceptionPolicy :: Maybe StreamExceptionPolicy

    Configures how Network Firewall processes traffic when a network connection breaks midstream. Network connections can break due to disruptions in external networks or within the firewall itself.

    • DROP - Network Firewall fails closed and drops all subsequent traffic going to the firewall. This is the default behavior.
    • CONTINUE - Network Firewall continues to apply rules to the subsequent traffic without context from traffic before the break. This affects the behavior of rules that depend on this context. For example, if you have a stateful rule to drop HTTP traffic, Network Firewall won't match the traffic for this rule because the service won't have the context from session initialization defining the application-layer protocol as HTTP. However, this behavior is rule-dependent: a TCP-layer rule using a flow:stateless rule would still match, as would the aws:drop_strict default action.

Instances

All instances are defined in Amazonka.NetworkFirewall.Types.StatefulEngineOptions.

  • FromJSON StatefulEngineOptions
  • ToJSON StatefulEngineOptions
  • Generic StatefulEngineOptions

    Associated Types

    type Rep StatefulEngineOptions :: Type -> Type

  • Read StatefulEngineOptions
  • Show StatefulEngineOptions
  • NFData StatefulEngineOptions

    Methods

    rnf :: StatefulEngineOptions -> ()

  • Eq StatefulEngineOptions
  • Hashable StatefulEngineOptions
  • type Rep StatefulEngineOptions

type Rep StatefulEngineOptions = D1 ('MetaData "StatefulEngineOptions" "Amazonka.NetworkFirewall.Types.StatefulEngineOptions" "amazonka-network-firewall-2.0-4y6HybZBSNcEwGPO5AYVfm" 'False) (C1 ('MetaCons "StatefulEngineOptions'" 'PrefixI 'True) (S1 ('MetaSel ('Just "ruleOrder") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe RuleOrder)) :*: S1 ('MetaSel ('Just "streamExceptionPolicy") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe StreamExceptionPolicy))))

newStatefulEngineOptions :: StatefulEngineOptions

Create a value of StatefulEngineOptions with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:ruleOrder:StatefulEngineOptions', statefulEngineOptions_ruleOrder - Indicates how to manage the order of stateful rule evaluation for the policy. DEFAULT_ACTION_ORDER is the default behavior. Stateful rules are provided to the rule engine as Suricata-compatible strings, and Suricata evaluates them based on certain settings. For more information, see Evaluation order for stateful rules in the Network Firewall Developer Guide.

$sel:streamExceptionPolicy:StatefulEngineOptions', statefulEngineOptions_streamExceptionPolicy - Configures how Network Firewall processes traffic when a network connection breaks midstream. Network connections can break due to disruptions in external networks or within the firewall itself.

  • DROP - Network Firewall fails closed and drops all subsequent traffic going to the firewall. This is the default behavior.
  • CONTINUE - Network Firewall continues to apply rules to the subsequent traffic without context from traffic before the break. This affects the behavior of rules that depend on this context. For example, if you have a stateful rule to drop HTTP traffic, Network Firewall won't match the traffic for this rule because the service won't have the context from session initialization defining the application-layer protocol as HTTP. However, this behavior is rule-dependent: a TCP-layer rule using a flow:stateless rule would still match, as would the aws:drop_strict default action.

statefulEngineOptions_ruleOrder :: Lens' StatefulEngineOptions (Maybe RuleOrder)

Indicates how to manage the order of stateful rule evaluation for the policy. DEFAULT_ACTION_ORDER is the default behavior. Stateful rules are provided to the rule engine as Suricata-compatible strings, and Suricata evaluates them based on certain settings. For more information, see Evaluation order for stateful rules in the Network Firewall Developer Guide.

statefulEngineOptions_streamExceptionPolicy :: Lens' StatefulEngineOptions (Maybe StreamExceptionPolicy)

Configures how Network Firewall processes traffic when a network connection breaks midstream. Network connections can break due to disruptions in external networks or within the firewall itself.

  • DROP - Network Firewall fails closed and drops all subsequent traffic going to the firewall. This is the default behavior.
  • CONTINUE - Network Firewall continues to apply rules to the subsequent traffic without context from traffic before the break. This affects the behavior of rules that depend on this context. For example, if you have a stateful rule to drop HTTP traffic, Network Firewall won't match the traffic for this rule because the service won't have the context from session initialization defining the application-layer protocol as HTTP. However, this behavior is rule-dependent: a TCP-layer rule using a flow:stateless rule would still match, as would the aws:drop_strict default action.
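
An added example, not taken from the amazonka documentation: it builds StatefulEngineOptions values with the two lenses above and audits them for a CONTINUE stream exception policy or for fields left to the service defaults. The Finding type, the audit function and the sample values are hypothetical; the RuleOrder_* and StreamExceptionPolicy_* pattern synonyms are assumed to follow amazonka 2.0's enum naming, and Control.Lens is assumed as the lens library.

```haskell
module Main (main) where

import Amazonka.NetworkFirewall.Types
import Control.Lens ((&), (?~), (^.))
import Data.Maybe (isNothing)

-- | Findings a policy review would raise (hypothetical type, not part of amazonka).
data Finding
  = ContinueWithoutContext -- CONTINUE: rules run without pre-break session context
  | ImplicitStreamPolicy   -- field omitted; relies on the documented default (DROP)
  | ImplicitRuleOrder      -- field omitted; relies on DEFAULT_ACTION_ORDER
  deriving (Eq, Show)

-- | Both fields set explicitly, so the fail-closed behavior is visible in review
-- and does not depend on the service default staying the same.
pinned :: StatefulEngineOptions
pinned =
  newStatefulEngineOptions
    & statefulEngineOptions_ruleOrder ?~ RuleOrder_DEFAULT_ACTION_ORDER
    & statefulEngineOptions_streamExceptionPolicy ?~ StreamExceptionPolicy_DROP

-- | Constructed sample: after a midstream break, rules that need the
-- application-layer protocol (for example "drop HTTP") no longer match.
continuing :: StatefulEngineOptions
continuing =
  newStatefulEngineOptions
    & statefulEngineOptions_streamExceptionPolicy ?~ StreamExceptionPolicy_CONTINUE

-- | Report every setting that weakens or hides the midstream-break behavior.
audit :: StatefulEngineOptions -> [Finding]
audit opts =
  [ContinueWithoutContext | policy == Just StreamExceptionPolicy_CONTINUE]
    ++ [ImplicitStreamPolicy | isNothing policy]
    ++ [ImplicitRuleOrder | isNothing (opts ^. statefulEngineOptions_ruleOrder)]
  where
    policy = opts ^. statefulEngineOptions_streamExceptionPolicy

main :: IO ()
main =
  mapM_
    (\(name, opts) -> putStrLn (name ++ ": " ++ show (audit opts)))
    [ ("all fields omitted", newStatefulEngineOptions),
      ("CONTINUE, rule order omitted", continuing),
      ("pinned", pinned)
    ]
```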