com.amazonaws.services.networkfirewall.model

Class FirewallPolicy

java.lang.Object

com.amazonaws.services.networkfirewall.model.FirewallPolicy

All Implemented Interfaces:

StructuredPojo, Serializable, Cloneable

@Generated(value="com.amazonaws:aws-java-sdk-code-generator")
public class FirewallPolicy
extends Object
implements Serializable, Cloneable, StructuredPojo

The firewall policy defines the behavior of a firewall using a collection of stateless and stateful rule groups and other settings. You can use one firewall policy for multiple firewalls.

This, along with FirewallPolicyResponse, define the policy. You can retrieve all objects for a firewall policy by calling DescribeFirewallPolicy.

See Also:

AWS API Documentation, Serialized Form

Constructor Summary

Constructors

Constructor and Description
FirewallPolicy()

Method Summary

Modifier and Type	Method and Description
FirewallPolicy	clone()
boolean	equals(Object obj)
List<StatefulRuleGroupReference>	getStatefulRuleGroupReferences() References to the stateless rule groups that are used in the policy.
List<CustomAction>	getStatelessCustomActions() The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting.
List<String>	getStatelessDefaultActions() The actions to take on a packet if it doesn't match any of the stateless rules in the policy.
List<String>	getStatelessFragmentDefaultActions() The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy.
List<StatelessRuleGroupReference>	getStatelessRuleGroupReferences() References to the stateless rule groups that are used in the policy.
int	hashCode()
void	marshall(ProtocolMarshaller protocolMarshaller) Marshalls this structured data using the given ProtocolMarshaller.
void	setStatefulRuleGroupReferences(Collection<StatefulRuleGroupReference> statefulRuleGroupReferences) References to the stateless rule groups that are used in the policy.
void	setStatelessCustomActions(Collection<CustomAction> statelessCustomActions) The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting.
void	setStatelessDefaultActions(Collection<String> statelessDefaultActions) The actions to take on a packet if it doesn't match any of the stateless rules in the policy.
void	setStatelessFragmentDefaultActions(Collection<String> statelessFragmentDefaultActions) The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy.
void	setStatelessRuleGroupReferences(Collection<StatelessRuleGroupReference> statelessRuleGroupReferences) References to the stateless rule groups that are used in the policy.
String	toString() Returns a string representation of this object.
FirewallPolicy	withStatefulRuleGroupReferences(Collection<StatefulRuleGroupReference> statefulRuleGroupReferences) References to the stateless rule groups that are used in the policy.
FirewallPolicy	withStatefulRuleGroupReferences(StatefulRuleGroupReference... statefulRuleGroupReferences) References to the stateless rule groups that are used in the policy.
FirewallPolicy	withStatelessCustomActions(Collection<CustomAction> statelessCustomActions) The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting.
FirewallPolicy	withStatelessCustomActions(CustomAction... statelessCustomActions) The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting.
FirewallPolicy	withStatelessDefaultActions(Collection<String> statelessDefaultActions) The actions to take on a packet if it doesn't match any of the stateless rules in the policy.
FirewallPolicy	withStatelessDefaultActions(String... statelessDefaultActions) The actions to take on a packet if it doesn't match any of the stateless rules in the policy.
FirewallPolicy	withStatelessFragmentDefaultActions(Collection<String> statelessFragmentDefaultActions) The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy.
FirewallPolicy	withStatelessFragmentDefaultActions(String... statelessFragmentDefaultActions) The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy.
FirewallPolicy	withStatelessRuleGroupReferences(Collection<StatelessRuleGroupReference> statelessRuleGroupReferences) References to the stateless rule groups that are used in the policy.
FirewallPolicy	withStatelessRuleGroupReferences(StatelessRuleGroupReference... statelessRuleGroupReferences) References to the stateless rule groups that are used in the policy.

Methods inherited from class java.lang.Object

getClass, notify, notifyAll, wait, wait, wait

Constructor Detail

FirewallPolicy

public FirewallPolicy()

Method Detail

getStatelessRuleGroupReferences

public List<StatelessRuleGroupReference> getStatelessRuleGroupReferences()

References to the stateless rule groups that are used in the policy. These define the matching criteria in stateless rules.

Returns:

References to the stateless rule groups that are used in the policy. These define the matching criteria in stateless rules.

setStatelessRuleGroupReferences

public void setStatelessRuleGroupReferences(Collection<StatelessRuleGroupReference> statelessRuleGroupReferences)

References to the stateless rule groups that are used in the policy. These define the matching criteria in stateless rules.

Parameters:

statelessRuleGroupReferences - References to the stateless rule groups that are used in the policy. These define the matching criteria in stateless rules.

withStatelessRuleGroupReferences

public FirewallPolicy withStatelessRuleGroupReferences(StatelessRuleGroupReference... statelessRuleGroupReferences)

References to the stateless rule groups that are used in the policy. These define the matching criteria in stateless rules.

NOTE: This method appends the values to the existing list (if any). Use setStatelessRuleGroupReferences(java.util.Collection) or withStatelessRuleGroupReferences(java.util.Collection) if you want to override the existing values.

Parameters:

statelessRuleGroupReferences - References to the stateless rule groups that are used in the policy. These define the matching criteria in stateless rules.

Returns:

Returns a reference to this object so that method calls can be chained together.

withStatelessRuleGroupReferences

public FirewallPolicy withStatelessRuleGroupReferences(Collection<StatelessRuleGroupReference> statelessRuleGroupReferences)

References to the stateless rule groups that are used in the policy. These define the matching criteria in stateless rules.

Parameters:

statelessRuleGroupReferences - References to the stateless rule groups that are used in the policy. These define the matching criteria in stateless rules.

Returns:

Returns a reference to this object so that method calls can be chained together.

getStatelessDefaultActions

public List<String> getStatelessDefaultActions()

The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

Returns:

The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

setStatelessDefaultActions

public void setStatelessDefaultActions(Collection<String> statelessDefaultActions)

The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

Parameters:

statelessDefaultActions - The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

withStatelessDefaultActions

public FirewallPolicy withStatelessDefaultActions(String... statelessDefaultActions)

The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

NOTE: This method appends the values to the existing list (if any). Use setStatelessDefaultActions(java.util.Collection) or withStatelessDefaultActions(java.util.Collection) if you want to override the existing values.

Parameters:

statelessDefaultActions - The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

Returns:

Returns a reference to this object so that method calls can be chained together.

withStatelessDefaultActions

public FirewallPolicy withStatelessDefaultActions(Collection<String> statelessDefaultActions)

The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

Parameters:

statelessDefaultActions - The actions to take on a packet if it doesn't match any of the stateless rules in the policy. If you want non-matching packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

Returns:

Returns a reference to this object so that method calls can be chained together.

getStatelessFragmentDefaultActions

public List<String> getStatelessFragmentDefaultActions()

The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy. Network Firewall only manages UDP packet fragments and silently drops packet fragments for other protocols. If you want non-matching fragmented UDP packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

Returns:

The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy. Network Firewall only manages UDP packet fragments and silently drops packet fragments for other protocols. If you want non-matching fragmented UDP packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

setStatelessFragmentDefaultActions

public void setStatelessFragmentDefaultActions(Collection<String> statelessFragmentDefaultActions)

The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy. Network Firewall only manages UDP packet fragments and silently drops packet fragments for other protocols. If you want non-matching fragmented UDP packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

Parameters:

statelessFragmentDefaultActions - The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy. Network Firewall only manages UDP packet fragments and silently drops packet fragments for other protocols. If you want non-matching fragmented UDP packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

withStatelessFragmentDefaultActions

public FirewallPolicy withStatelessFragmentDefaultActions(String... statelessFragmentDefaultActions)

The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy. Network Firewall only manages UDP packet fragments and silently drops packet fragments for other protocols. If you want non-matching fragmented UDP packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

NOTE: This method appends the values to the existing list (if any). Use setStatelessFragmentDefaultActions(java.util.Collection) or withStatelessFragmentDefaultActions(java.util.Collection) if you want to override the existing values.

Parameters:

statelessFragmentDefaultActions - The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy. Network Firewall only manages UDP packet fragments and silently drops packet fragments for other protocols. If you want non-matching fragmented UDP packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

Returns:

Returns a reference to this object so that method calls can be chained together.

withStatelessFragmentDefaultActions

public FirewallPolicy withStatelessFragmentDefaultActions(Collection<String> statelessFragmentDefaultActions)

The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy. Network Firewall only manages UDP packet fragments and silently drops packet fragments for other protocols. If you want non-matching fragmented UDP packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

Parameters:

statelessFragmentDefaultActions - The actions to take on a fragmented UDP packet if it doesn't match any of the stateless rules in the policy. Network Firewall only manages UDP packet fragments and silently drops packet fragments for other protocols. If you want non-matching fragmented UDP packets to be forwarded for stateful inspection, specify aws:forward_to_sfe.

You must specify one of the standard actions: aws:pass, aws:drop, or aws:forward_to_sfe. In addition, you can specify custom actions that are compatible with your standard section choice.

For example, you could specify ["aws:pass"] or you could specify ["aws:pass", “customActionName”]. For information about compatibility, see the custom action descriptions under CustomAction.

Returns:

Returns a reference to this object so that method calls can be chained together.

getStatelessCustomActions

public List<CustomAction> getStatelessCustomActions()

The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting. You name each custom action that you define, and then you can use it by name in your default actions specifications.

Returns:

The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting. You name each custom action that you define, and then you can use it by name in your default actions specifications.

setStatelessCustomActions

public void setStatelessCustomActions(Collection<CustomAction> statelessCustomActions)

The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting. You name each custom action that you define, and then you can use it by name in your default actions specifications.

Parameters:

statelessCustomActions - The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting. You name each custom action that you define, and then you can use it by name in your default actions specifications.

withStatelessCustomActions

public FirewallPolicy withStatelessCustomActions(CustomAction... statelessCustomActions)

The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting. You name each custom action that you define, and then you can use it by name in your default actions specifications.

NOTE: This method appends the values to the existing list (if any). Use setStatelessCustomActions(java.util.Collection) or withStatelessCustomActions(java.util.Collection) if you want to override the existing values.

Parameters:

statelessCustomActions - The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting. You name each custom action that you define, and then you can use it by name in your default actions specifications.

Returns:

Returns a reference to this object so that method calls can be chained together.

withStatelessCustomActions

public FirewallPolicy withStatelessCustomActions(Collection<CustomAction> statelessCustomActions)

The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting. You name each custom action that you define, and then you can use it by name in your default actions specifications.

Parameters:

statelessCustomActions - The custom action definitions that are available for use in the firewall policy's StatelessDefaultActions setting. You name each custom action that you define, and then you can use it by name in your default actions specifications.

Returns:

Returns a reference to this object so that method calls can be chained together.

getStatefulRuleGroupReferences

public List<StatefulRuleGroupReference> getStatefulRuleGroupReferences()

References to the stateless rule groups that are used in the policy. These define the inspection criteria in stateful rules.

Returns:

References to the stateless rule groups that are used in the policy. These define the inspection criteria in stateful rules.

setStatefulRuleGroupReferences

public void setStatefulRuleGroupReferences(Collection<StatefulRuleGroupReference> statefulRuleGroupReferences)

References to the stateless rule groups that are used in the policy. These define the inspection criteria in stateful rules.

Parameters:

statefulRuleGroupReferences - References to the stateless rule groups that are used in the policy. These define the inspection criteria in stateful rules.

withStatefulRuleGroupReferences

public FirewallPolicy withStatefulRuleGroupReferences(StatefulRuleGroupReference... statefulRuleGroupReferences)

References to the stateless rule groups that are used in the policy. These define the inspection criteria in stateful rules.

NOTE: This method appends the values to the existing list (if any). Use setStatefulRuleGroupReferences(java.util.Collection) or withStatefulRuleGroupReferences(java.util.Collection) if you want to override the existing values.

Parameters:

statefulRuleGroupReferences - References to the stateless rule groups that are used in the policy. These define the inspection criteria in stateful rules.

Returns:

Returns a reference to this object so that method calls can be chained together.

withStatefulRuleGroupReferences

public FirewallPolicy withStatefulRuleGroupReferences(Collection<StatefulRuleGroupReference> statefulRuleGroupReferences)

References to the stateless rule groups that are used in the policy. These define the inspection criteria in stateful rules.

Parameters:

statefulRuleGroupReferences - References to the stateless rule groups that are used in the policy. These define the inspection criteria in stateful rules.

Returns:

Returns a reference to this object so that method calls can be chained together.

toString

public String toString()

Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be redacted from this string using a placeholder value.

Overrides:

toString in class Object

Returns:

A string representation of this object.

See Also:

Object.toString()

equals

public boolean equals(Object obj)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

clone

public FirewallPolicy clone()

Overrides:

clone in class Object

marshall

public void marshall(ProtocolMarshaller protocolMarshaller)

Description copied from interface: StructuredPojo

Marshalls this structured data using the given ProtocolMarshaller.

Specified by:

marshall in interface StructuredPojo

Parameters:

protocolMarshaller - Implementation of ProtocolMarshaller used to marshall this object's data.