com.amazonaws.services.networkfirewall.model.RuleDefinition Maven / Gradle / Ivy
Show all versions of aws-java-sdk-networkfirewall Show documentation
/*
* Copyright 2019-2024 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.networkfirewall.model;
import java.io.Serializable;
import javax.annotation.Generated;
import com.amazonaws.protocol.StructuredPojo;
import com.amazonaws.protocol.ProtocolMarshaller;
/**
*
* The inspection criteria and action for a single stateless rule. Network Firewall inspects each packet for the
* specified matching criteria. When a packet matches the criteria, Network Firewall performs the rule's actions on the
* packet.
*
*
* @see AWS
* API Documentation
*/
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class RuleDefinition implements Serializable, Cloneable, StructuredPojo {
/**
*
* Criteria for Network Firewall to use to inspect an individual packet in stateless rule inspection. Each match
* attributes set can include one or more items such as IP address, CIDR range, port number, protocol, and TCP
* flags.
*
*/
private MatchAttributes matchAttributes;
/**
*
* The actions to take on a packet that matches one of the stateless rule definition's match attributes. You must
* specify a standard action and you can add custom actions.
*
*
*
* Network Firewall only forwards a packet for stateful rule inspection if you specify
* aws:forward_to_sfe for a rule that the packet matches, or if the packet doesn't match any stateless
* rule and you specify aws:forward_to_sfe for the StatelessDefaultActions setting for the
* FirewallPolicy.
*
*
*
* For every rule, you must specify exactly one of the following standard actions.
*
*
* -
*
* aws:pass - Discontinues all inspection of the packet and permits it to go to its intended destination.
*
*
* -
*
* aws:drop - Discontinues all inspection of the packet and blocks it from going to its intended destination.
*
*
* -
*
* aws:forward_to_sfe - Discontinues stateless inspection of the packet and forwards it to the stateful rule
* engine for inspection.
*
*
*
*
* Additionally, you can specify a custom action. To do this, you define a custom action by name and type, then
* provide the name you've assigned to the action in this Actions setting. For information about the
* options, see CustomAction.
*
*
* To provide more than one action in this setting, separate the settings with a comma. For example, if you have a
* custom PublishMetrics action that you've named MyMetricsAction, then you could specify
* the standard action aws:pass and the custom action with [“aws:pass”, “MyMetricsAction”]
* .
*
*/
private java.util.List actions;
/**
*
* Criteria for Network Firewall to use to inspect an individual packet in stateless rule inspection. Each match
* attributes set can include one or more items such as IP address, CIDR range, port number, protocol, and TCP
* flags.
*
*
* @param matchAttributes
* Criteria for Network Firewall to use to inspect an individual packet in stateless rule inspection. Each
* match attributes set can include one or more items such as IP address, CIDR range, port number, protocol,
* and TCP flags.
*/
public void setMatchAttributes(MatchAttributes matchAttributes) {
this.matchAttributes = matchAttributes;
}
/**
*
* Criteria for Network Firewall to use to inspect an individual packet in stateless rule inspection. Each match
* attributes set can include one or more items such as IP address, CIDR range, port number, protocol, and TCP
* flags.
*
*
* @return Criteria for Network Firewall to use to inspect an individual packet in stateless rule inspection. Each
* match attributes set can include one or more items such as IP address, CIDR range, port number, protocol,
* and TCP flags.
*/
public MatchAttributes getMatchAttributes() {
return this.matchAttributes;
}
/**
*
* Criteria for Network Firewall to use to inspect an individual packet in stateless rule inspection. Each match
* attributes set can include one or more items such as IP address, CIDR range, port number, protocol, and TCP
* flags.
*
*
* @param matchAttributes
* Criteria for Network Firewall to use to inspect an individual packet in stateless rule inspection. Each
* match attributes set can include one or more items such as IP address, CIDR range, port number, protocol,
* and TCP flags.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public RuleDefinition withMatchAttributes(MatchAttributes matchAttributes) {
setMatchAttributes(matchAttributes);
return this;
}
/**
*
* The actions to take on a packet that matches one of the stateless rule definition's match attributes. You must
* specify a standard action and you can add custom actions.
*
*
*
* Network Firewall only forwards a packet for stateful rule inspection if you specify
* aws:forward_to_sfe for a rule that the packet matches, or if the packet doesn't match any stateless
* rule and you specify aws:forward_to_sfe for the StatelessDefaultActions setting for the
* FirewallPolicy.
*
*
*
* For every rule, you must specify exactly one of the following standard actions.
*
*
* -
*
* aws:pass - Discontinues all inspection of the packet and permits it to go to its intended destination.
*
*
* -
*
* aws:drop - Discontinues all inspection of the packet and blocks it from going to its intended destination.
*
*
* -
*
* aws:forward_to_sfe - Discontinues stateless inspection of the packet and forwards it to the stateful rule
* engine for inspection.
*
*
*
*
* Additionally, you can specify a custom action. To do this, you define a custom action by name and type, then
* provide the name you've assigned to the action in this Actions setting. For information about the
* options, see CustomAction.
*
*
* To provide more than one action in this setting, separate the settings with a comma. For example, if you have a
* custom PublishMetrics action that you've named MyMetricsAction, then you could specify
* the standard action aws:pass and the custom action with [“aws:pass”, “MyMetricsAction”]
* .
*
*
* @return The actions to take on a packet that matches one of the stateless rule definition's match attributes. You
* must specify a standard action and you can add custom actions.
*
* Network Firewall only forwards a packet for stateful rule inspection if you specify
* aws:forward_to_sfe for a rule that the packet matches, or if the packet doesn't match any
* stateless rule and you specify aws:forward_to_sfe for the
* StatelessDefaultActions setting for the FirewallPolicy.
*
*
*
* For every rule, you must specify exactly one of the following standard actions.
*
*
* -
*
* aws:pass - Discontinues all inspection of the packet and permits it to go to its intended
* destination.
*
*
* -
*
* aws:drop - Discontinues all inspection of the packet and blocks it from going to its intended
* destination.
*
*
* -
*
* aws:forward_to_sfe - Discontinues stateless inspection of the packet and forwards it to the
* stateful rule engine for inspection.
*
*
*
*
* Additionally, you can specify a custom action. To do this, you define a custom action by name and type,
* then provide the name you've assigned to the action in this Actions setting. For information
* about the options, see CustomAction.
*
*
* To provide more than one action in this setting, separate the settings with a comma. For example, if you
* have a custom PublishMetrics action that you've named MyMetricsAction, then you
* could specify the standard action aws:pass and the custom action with
* [“aws:pass”, “MyMetricsAction”].
*/
public java.util.List getActions() {
return actions;
}
/**
*
* The actions to take on a packet that matches one of the stateless rule definition's match attributes. You must
* specify a standard action and you can add custom actions.
*
*
*
* Network Firewall only forwards a packet for stateful rule inspection if you specify
* aws:forward_to_sfe for a rule that the packet matches, or if the packet doesn't match any stateless
* rule and you specify aws:forward_to_sfe for the StatelessDefaultActions setting for the
* FirewallPolicy.
*
*
*
* For every rule, you must specify exactly one of the following standard actions.
*
*
* -
*
* aws:pass - Discontinues all inspection of the packet and permits it to go to its intended destination.
*
*
* -
*
* aws:drop - Discontinues all inspection of the packet and blocks it from going to its intended destination.
*
*
* -
*
* aws:forward_to_sfe - Discontinues stateless inspection of the packet and forwards it to the stateful rule
* engine for inspection.
*
*
*
*
* Additionally, you can specify a custom action. To do this, you define a custom action by name and type, then
* provide the name you've assigned to the action in this Actions setting. For information about the
* options, see CustomAction.
*
*
* To provide more than one action in this setting, separate the settings with a comma. For example, if you have a
* custom PublishMetrics action that you've named MyMetricsAction, then you could specify
* the standard action aws:pass and the custom action with [“aws:pass”, “MyMetricsAction”]
* .
*
*
* @param actions
* The actions to take on a packet that matches one of the stateless rule definition's match attributes. You
* must specify a standard action and you can add custom actions.
*
* Network Firewall only forwards a packet for stateful rule inspection if you specify
* aws:forward_to_sfe for a rule that the packet matches, or if the packet doesn't match any
* stateless rule and you specify aws:forward_to_sfe for the
* StatelessDefaultActions setting for the FirewallPolicy.
*
*
*
* For every rule, you must specify exactly one of the following standard actions.
*
*
* -
*
* aws:pass - Discontinues all inspection of the packet and permits it to go to its intended
* destination.
*
*
* -
*
* aws:drop - Discontinues all inspection of the packet and blocks it from going to its intended
* destination.
*
*
* -
*
* aws:forward_to_sfe - Discontinues stateless inspection of the packet and forwards it to the
* stateful rule engine for inspection.
*
*
*
*
* Additionally, you can specify a custom action. To do this, you define a custom action by name and type,
* then provide the name you've assigned to the action in this Actions setting. For information
* about the options, see CustomAction.
*
*
* To provide more than one action in this setting, separate the settings with a comma. For example, if you
* have a custom PublishMetrics action that you've named MyMetricsAction, then you
* could specify the standard action aws:pass and the custom action with
* [“aws:pass”, “MyMetricsAction”].
*/
public void setActions(java.util.Collection actions) {
if (actions == null) {
this.actions = null;
return;
}
this.actions = new java.util.ArrayList(actions);
}
/**
*
* The actions to take on a packet that matches one of the stateless rule definition's match attributes. You must
* specify a standard action and you can add custom actions.
*
*
*
* Network Firewall only forwards a packet for stateful rule inspection if you specify
* aws:forward_to_sfe for a rule that the packet matches, or if the packet doesn't match any stateless
* rule and you specify aws:forward_to_sfe for the StatelessDefaultActions setting for the
* FirewallPolicy.
*
*
*
* For every rule, you must specify exactly one of the following standard actions.
*
*
* -
*
* aws:pass - Discontinues all inspection of the packet and permits it to go to its intended destination.
*
*
* -
*
* aws:drop - Discontinues all inspection of the packet and blocks it from going to its intended destination.
*
*
* -
*
* aws:forward_to_sfe - Discontinues stateless inspection of the packet and forwards it to the stateful rule
* engine for inspection.
*
*
*
*
* Additionally, you can specify a custom action. To do this, you define a custom action by name and type, then
* provide the name you've assigned to the action in this Actions setting. For information about the
* options, see CustomAction.
*
*
* To provide more than one action in this setting, separate the settings with a comma. For example, if you have a
* custom PublishMetrics action that you've named MyMetricsAction, then you could specify
* the standard action aws:pass and the custom action with [“aws:pass”, “MyMetricsAction”]
* .
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setActions(java.util.Collection)} or {@link #withActions(java.util.Collection)} if you want to override
* the existing values.
*
*
* @param actions
* The actions to take on a packet that matches one of the stateless rule definition's match attributes. You
* must specify a standard action and you can add custom actions.
*
* Network Firewall only forwards a packet for stateful rule inspection if you specify
* aws:forward_to_sfe for a rule that the packet matches, or if the packet doesn't match any
* stateless rule and you specify aws:forward_to_sfe for the
* StatelessDefaultActions setting for the FirewallPolicy.
*
*
*
* For every rule, you must specify exactly one of the following standard actions.
*
*
* -
*
* aws:pass - Discontinues all inspection of the packet and permits it to go to its intended
* destination.
*
*
* -
*
* aws:drop - Discontinues all inspection of the packet and blocks it from going to its intended
* destination.
*
*
* -
*
* aws:forward_to_sfe - Discontinues stateless inspection of the packet and forwards it to the
* stateful rule engine for inspection.
*
*
*
*
* Additionally, you can specify a custom action. To do this, you define a custom action by name and type,
* then provide the name you've assigned to the action in this Actions setting. For information
* about the options, see CustomAction.
*
*
* To provide more than one action in this setting, separate the settings with a comma. For example, if you
* have a custom PublishMetrics action that you've named MyMetricsAction, then you
* could specify the standard action aws:pass and the custom action with
* [“aws:pass”, “MyMetricsAction”].
* @return Returns a reference to this object so that method calls can be chained together.
*/
public RuleDefinition withActions(String... actions) {
if (this.actions == null) {
setActions(new java.util.ArrayList(actions.length));
}
for (String ele : actions) {
this.actions.add(ele);
}
return this;
}
/**
*
* The actions to take on a packet that matches one of the stateless rule definition's match attributes. You must
* specify a standard action and you can add custom actions.
*
*
*
* Network Firewall only forwards a packet for stateful rule inspection if you specify
* aws:forward_to_sfe for a rule that the packet matches, or if the packet doesn't match any stateless
* rule and you specify aws:forward_to_sfe for the StatelessDefaultActions setting for the
* FirewallPolicy.
*
*
*
* For every rule, you must specify exactly one of the following standard actions.
*
*
* -
*
* aws:pass - Discontinues all inspection of the packet and permits it to go to its intended destination.
*
*
* -
*
* aws:drop - Discontinues all inspection of the packet and blocks it from going to its intended destination.
*
*
* -
*
* aws:forward_to_sfe - Discontinues stateless inspection of the packet and forwards it to the stateful rule
* engine for inspection.
*
*
*
*
* Additionally, you can specify a custom action. To do this, you define a custom action by name and type, then
* provide the name you've assigned to the action in this Actions setting. For information about the
* options, see CustomAction.
*
*
* To provide more than one action in this setting, separate the settings with a comma. For example, if you have a
* custom PublishMetrics action that you've named MyMetricsAction, then you could specify
* the standard action aws:pass and the custom action with [“aws:pass”, “MyMetricsAction”]
* .
*
*
* @param actions
* The actions to take on a packet that matches one of the stateless rule definition's match attributes. You
* must specify a standard action and you can add custom actions.
*
* Network Firewall only forwards a packet for stateful rule inspection if you specify
* aws:forward_to_sfe for a rule that the packet matches, or if the packet doesn't match any
* stateless rule and you specify aws:forward_to_sfe for the
* StatelessDefaultActions setting for the FirewallPolicy.
*
*
*
* For every rule, you must specify exactly one of the following standard actions.
*
*
* -
*
* aws:pass - Discontinues all inspection of the packet and permits it to go to its intended
* destination.
*
*
* -
*
* aws:drop - Discontinues all inspection of the packet and blocks it from going to its intended
* destination.
*
*
* -
*
* aws:forward_to_sfe - Discontinues stateless inspection of the packet and forwards it to the
* stateful rule engine for inspection.
*
*
*
*
* Additionally, you can specify a custom action. To do this, you define a custom action by name and type,
* then provide the name you've assigned to the action in this Actions setting. For information
* about the options, see CustomAction.
*
*
* To provide more than one action in this setting, separate the settings with a comma. For example, if you
* have a custom PublishMetrics action that you've named MyMetricsAction, then you
* could specify the standard action aws:pass and the custom action with
* [“aws:pass”, “MyMetricsAction”].
* @return Returns a reference to this object so that method calls can be chained together.
*/
public RuleDefinition withActions(java.util.Collection actions) {
setActions(actions);
return this;
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*
* @return A string representation of this object.
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("{");
if (getMatchAttributes() != null)
sb.append("MatchAttributes: ").append(getMatchAttributes()).append(",");
if (getActions() != null)
sb.append("Actions: ").append(getActions());
sb.append("}");
return sb.toString();
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (obj instanceof RuleDefinition == false)
return false;
RuleDefinition other = (RuleDefinition) obj;
if (other.getMatchAttributes() == null ^ this.getMatchAttributes() == null)
return false;
if (other.getMatchAttributes() != null && other.getMatchAttributes().equals(this.getMatchAttributes()) == false)
return false;
if (other.getActions() == null ^ this.getActions() == null)
return false;
if (other.getActions() != null && other.getActions().equals(this.getActions()) == false)
return false;
return true;
}
@Override
public int hashCode() {
final int prime = 31;
int hashCode = 1;
hashCode = prime * hashCode + ((getMatchAttributes() == null) ? 0 : getMatchAttributes().hashCode());
hashCode = prime * hashCode + ((getActions() == null) ? 0 : getActions().hashCode());
return hashCode;
}
@Override
public RuleDefinition clone() {
try {
return (RuleDefinition) super.clone();
} catch (CloneNotSupportedException e) {
throw new IllegalStateException("Got a CloneNotSupportedException from Object.clone() " + "even though we're Cloneable!", e);
}
}
@com.amazonaws.annotation.SdkInternalApi
@Override
public void marshall(ProtocolMarshaller protocolMarshaller) {
com.amazonaws.services.networkfirewall.model.transform.RuleDefinitionMarshaller.getInstance().marshall(this, protocolMarshaller);
}
}