aws-sdk-networkfirewall 1.21.0 → 1.23.0

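--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: b6711c7041c19435c83d4ee06911d89c8a6aa3fa2fd70595500a36f2640ed36b
- data.tar.gz: 5922f0a171373f86b49b8c1db00f364c76b8650b8c9811845d1f6882172cea28
+ metadata.gz: 19321febeaca00db82ed0f8cace3d5c15661473db38a4e30a1f870f23d7c638e
+ data.tar.gz: 769f88cc610dacb69001414bbe7980c77960712610b52bd03089dc49514d3738
  SHA512:
- metadata.gz: e327916d7a2018b9c7915da204e7b0b50319c19414dd9201796eb53d4773c48b85df378366f165aa3053bb3574b82f594f8774823068ef011e510881693fb881
- data.tar.gz: fedfe773dc0fa65dc846bf186edc01de337d43286fa15cb2d9229ed7f95feefdfef3448c30649f344812fed56fed43d783c2617a2b96edd9aa9aaae53d1394a2
+ metadata.gz: 486e6a6c074541bb8d2e367439a635a823ae0a79fa4ac247d9ee4c42e9beb91c31cd9bd192c2eeb9b30779ad765652ed41a2c549ee6b4f0aa61f3ac33bc43f28
+ data.tar.gz: 34d55f958a8bba9107a7bb6b7ff5b2628762ad80523cb2854ba25e0ec461a59e5b9810aeec0112d9bac6884d2875aec95b46e8b863525db3db355afa46f74302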
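--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,16 @@
  Unreleased Changes
  ------------------
 
+ 1.23.0 (2023-01-17)
+ ------------------
+
+ * Feature - Network Firewall now allows creation of dual stack endpoints, enabling inspection of IPv6 traffic.
+
+ 1.22.0 (2023-01-09)
+ ------------------
+
+ * Feature - Network Firewall now supports the Suricata rule action reject, in addition to the actions pass, drop, and alert.
+
  1.21.0 (2022-12-28)
  ------------------
 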
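--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 1.21.0
+ 1.23.0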
@@ -509,6 +509,7 @@ module Aws::NetworkFirewall
509
509
  # subnet_mappings: [ # required
510
510
  # {
511
511
  # subnet_id: "CollectionMember_String", # required
512
+ # ip_address_type: "DUALSTACK", # accepts DUALSTACK, IPV4
512
513
  # },
513
514
  # ],
514
515
  # })
@@ -519,6 +520,7 @@ module Aws::NetworkFirewall
519
520
  # resp.firewall_name #=> String
520
521
  # resp.subnet_mappings #=> Array
521
522
  # resp.subnet_mappings[0].subnet_id #=> String
523
+ # resp.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4"
522
524
  # resp.update_token #=> String
523
525
  #
524
526
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/AssociateSubnets AWS API Documentation
@@ -618,6 +620,7 @@ module Aws::NetworkFirewall
618
620
  # subnet_mappings: [ # required
619
621
  # {
620
622
  # subnet_id: "CollectionMember_String", # required
623
+ # ip_address_type: "DUALSTACK", # accepts DUALSTACK, IPV4
621
624
  # },
622
625
  # ],
623
626
  # delete_protection: false,
@@ -644,6 +647,7 @@ module Aws::NetworkFirewall
644
647
  # resp.firewall.vpc_id #=> String
645
648
  # resp.firewall.subnet_mappings #=> Array
646
649
  # resp.firewall.subnet_mappings[0].subnet_id #=> String
650
+ # resp.firewall.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4"
647
651
  # resp.firewall.delete_protection #=> Boolean
648
652
  # resp.firewall.subnet_change_protection #=> Boolean
649
653
  # resp.firewall.firewall_policy_change_protection #=> Boolean
@@ -961,7 +965,7 @@ module Aws::NetworkFirewall
961
965
  # },
962
966
  # stateful_rules: [
963
967
  # {
964
- # action: "PASS", # required, accepts PASS, DROP, ALERT
968
+ # action: "PASS", # required, accepts PASS, DROP, ALERT, REJECT
965
969
  # header: { # required
966
970
  # protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
967
971
  # source: "Source", # required
@@ -1137,6 +1141,7 @@ module Aws::NetworkFirewall
1137
1141
  # resp.firewall.vpc_id #=> String
1138
1142
  # resp.firewall.subnet_mappings #=> Array
1139
1143
  # resp.firewall.subnet_mappings[0].subnet_id #=> String
1144
+ # resp.firewall.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4"
1140
1145
  # resp.firewall.delete_protection #=> Boolean
1141
1146
  # resp.firewall.subnet_change_protection #=> Boolean
1142
1147
  # resp.firewall.firewall_policy_change_protection #=> Boolean
@@ -1345,6 +1350,7 @@ module Aws::NetworkFirewall
1345
1350
  # resp.firewall.vpc_id #=> String
1346
1351
  # resp.firewall.subnet_mappings #=> Array
1347
1352
  # resp.firewall.subnet_mappings[0].subnet_id #=> String
1353
+ # resp.firewall.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4"
1348
1354
  # resp.firewall.delete_protection #=> Boolean
1349
1355
  # resp.firewall.subnet_change_protection #=> Boolean
1350
1356
  # resp.firewall.firewall_policy_change_protection #=> Boolean
@@ -1579,7 +1585,7 @@ module Aws::NetworkFirewall
1579
1585
  # resp.rule_group.rules_source.rules_source_list.target_types[0] #=> String, one of "TLS_SNI", "HTTP_HOST"
1580
1586
  # resp.rule_group.rules_source.rules_source_list.generated_rules_type #=> String, one of "ALLOWLIST", "DENYLIST"
1581
1587
  # resp.rule_group.rules_source.stateful_rules #=> Array
1582
- # resp.rule_group.rules_source.stateful_rules[0].action #=> String, one of "PASS", "DROP", "ALERT"
1588
+ # resp.rule_group.rules_source.stateful_rules[0].action #=> String, one of "PASS", "DROP", "ALERT", "REJECT"
1583
1589
  # resp.rule_group.rules_source.stateful_rules[0].header.protocol #=> String, one of "IP", "TCP", "UDP", "ICMP", "HTTP", "FTP", "TLS", "SMB", "DNS", "DCERPC", "SSH", "SMTP", "IMAP", "MSN", "KRB5", "IKEV2", "TFTP", "NTP", "DHCP"
1584
1590
  # resp.rule_group.rules_source.stateful_rules[0].header.source #=> String
1585
1591
  # resp.rule_group.rules_source.stateful_rules[0].header.source_port #=> String
@@ -1767,6 +1773,7 @@ module Aws::NetworkFirewall
1767
1773
  # resp.firewall_name #=> String
1768
1774
  # resp.subnet_mappings #=> Array
1769
1775
  # resp.subnet_mappings[0].subnet_id #=> String
1776
+ # resp.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4"
1770
1777
  # resp.update_token #=> String
1771
1778
  #
1772
1779
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DisassociateSubnets AWS API Documentation
@@ -2803,7 +2810,7 @@ module Aws::NetworkFirewall
2803
2810
  # },
2804
2811
  # stateful_rules: [
2805
2812
  # {
2806
- # action: "PASS", # required, accepts PASS, DROP, ALERT
2813
+ # action: "PASS", # required, accepts PASS, DROP, ALERT, REJECT
2807
2814
  # header: { # required
2808
2815
  # protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
2809
2816
  # source: "Source", # required
@@ -3007,7 +3014,7 @@ module Aws::NetworkFirewall
3007
3014
  params: params,
3008
3015
  config: config)
3009
3016
  context[:gem_name] = 'aws-sdk-networkfirewall'
3010
- context[:gem_version] = '1.21.0'
3017
+ context[:gem_version] = '1.23.0'
3011
3018
  Seahorse::Client::Request.new(handlers, context)
3012
3019
  end
3013
3020
 
@@ -86,6 +86,7 @@ module Aws::NetworkFirewall
86
86
  HashMapKey = Shapes::StringShape.new(name: 'HashMapKey')
87
87
  HashMapValue = Shapes::StringShape.new(name: 'HashMapValue')
88
88
  Header = Shapes::StructureShape.new(name: 'Header')
89
+ IPAddressType = Shapes::StringShape.new(name: 'IPAddressType')
89
90
  IPSet = Shapes::StructureShape.new(name: 'IPSet')
90
91
  IPSetArn = Shapes::StringShape.new(name: 'IPSetArn')
91
92
  IPSetMetadata = Shapes::StructureShape.new(name: 'IPSetMetadata')
@@ -740,6 +741,7 @@ module Aws::NetworkFirewall
740
741
  StatelessRulesAndCustomActions.struct_class = Types::StatelessRulesAndCustomActions
741
742
 
742
743
  SubnetMapping.add_member(:subnet_id, Shapes::ShapeRef.new(shape: CollectionMember_String, required: true, location_name: "SubnetId"))
744
+ SubnetMapping.add_member(:ip_address_type, Shapes::ShapeRef.new(shape: IPAddressType, location_name: "IPAddressType"))
743
745
  SubnetMapping.struct_class = Types::SubnetMapping
744
746
 
745
747
  SubnetMappings.member = Shapes::ShapeRef.new(shape: SubnetMapping)
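Review bot: The new `ip_address_type` member on `SubnetMapping` is added without `required: true`, so callers that upgrade and keep passing only `subnet_id` never send it, and nothing visible on this page says which address type the service then applies. If that default turns out to be IPv4-only (an assumption to confirm against the API reference), a firewall endpoint in a dual-stack subnet would leave IPv6 traffic uninspected with no client-side signal. I would state the default in the `ip_address_type` attribute documentation once confirmed, for example `# If omitted, defaults to <DEFAULT - confirm with the API reference>; set "DUALSTACK" when IPv6 traffic must be inspected.` The `IPAddressType` shape is declared here as a plain `Shapes::StringShape` with no list of allowed values, so a misspelled value is presumably rejected only by the service, not by the client.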
@@ -39,7 +39,7 @@ module Aws::NetworkFirewall
39
39
  # @!attribute [rw] address_definition
40
40
  # Specify an IP address or a block of IP addresses in Classless
41
41
  # Inter-Domain Routing (CIDR) notation. Network Firewall supports all
42
- # address ranges for IPv4.
42
+ # address ranges for IPv4 and IPv6.
43
43
  #
44
44
  # Examples:
45
45
  #
@@ -49,6 +49,15 @@ module Aws::NetworkFirewall
49
49
  # * To configure Network Firewall to inspect for IP addresses from
50
50
  # 192.0.2.0 to 192.0.2.255, specify `192.0.2.0/24`.
51
51
  #
52
+ # * To configure Network Firewall to inspect for the IP address
53
+ # 1111:0000:0000:0000:0000:0000:0000:0111, specify
54
+ # `1111:0000:0000:0000:0000:0000:0000:0111/128`.
55
+ #
56
+ # * To configure Network Firewall to inspect for IP addresses from
57
+ # 1111:0000:0000:0000:0000:0000:0000:0000 to
58
+ # 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
59
+ # `1111:0000:0000:0000:0000:0000:0000:0000/64`.
60
+ #
52
61
  # For more information about CIDR notation, see the Wikipedia entry
53
62
  # [Classless Inter-Domain Routing][1].
54
63
  #
@@ -1797,7 +1806,7 @@ module Aws::NetworkFirewall
1797
1806
  #
1798
1807
  # Specify an IP address or a block of IP addresses in Classless
1799
1808
  # Inter-Domain Routing (CIDR) notation. Network Firewall supports all
1800
- # address ranges for IPv4.
1809
+ # address ranges for IPv4 and IPv6.
1801
1810
  #
1802
1811
  # Examples:
1803
1812
  #
@@ -1807,6 +1816,15 @@ module Aws::NetworkFirewall
1807
1816
  # * To configure Network Firewall to inspect for IP addresses from
1808
1817
  # 192.0.2.0 to 192.0.2.255, specify `192.0.2.0/24`.
1809
1818
  #
1819
+ # * To configure Network Firewall to inspect for the IP address
1820
+ # 1111:0000:0000:0000:0000:0000:0000:0111, specify
1821
+ # `1111:0000:0000:0000:0000:0000:0000:0111/128`.
1822
+ #
1823
+ # * To configure Network Firewall to inspect for IP addresses from
1824
+ # 1111:0000:0000:0000:0000:0000:0000:0000 to
1825
+ # 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
1826
+ # `1111:0000:0000:0000:0000:0000:0000:0000/64`.
1827
+ #
1810
1828
  # For more information about CIDR notation, see the Wikipedia entry
1811
1829
  # [Classless Inter-Domain Routing][1].
1812
1830
  #
@@ -1835,7 +1853,7 @@ module Aws::NetworkFirewall
1835
1853
  #
1836
1854
  # Specify an IP address or a block of IP addresses in Classless
1837
1855
  # Inter-Domain Routing (CIDR) notation. Network Firewall supports all
1838
- # address ranges for IPv4.
1856
+ # address ranges for IPv4 and IPv6.
1839
1857
  #
1840
1858
  # Examples:
1841
1859
  #
@@ -1845,6 +1863,15 @@ module Aws::NetworkFirewall
1845
1863
  # * To configure Network Firewall to inspect for IP addresses from
1846
1864
  # 192.0.2.0 to 192.0.2.255, specify `192.0.2.0/24`.
1847
1865
  #
1866
+ # * To configure Network Firewall to inspect for the IP address
1867
+ # 1111:0000:0000:0000:0000:0000:0000:0111, specify
1868
+ # `1111:0000:0000:0000:0000:0000:0000:0111/128`.
1869
+ #
1870
+ # * To configure Network Firewall to inspect for IP addresses from
1871
+ # 1111:0000:0000:0000:0000:0000:0000:0000 to
1872
+ # 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
1873
+ # `1111:0000:0000:0000:0000:0000:0000:0000/64`.
1874
+ #
1848
1875
  # For more information about CIDR notation, see the Wikipedia entry
1849
1876
  # [Classless Inter-Domain Routing][1].
1850
1877
  #
@@ -3054,6 +3081,16 @@ module Aws::NetworkFirewall
3054
3081
  # drop traffic. You can enable the rule with `ALERT` action, verify
3055
3082
  # in the logs that the rule is filtering as you want, then change
3056
3083
  # the action to `DROP`.
3084
+ #
3085
+ # * **REJECT** - Drops TCP traffic that matches the conditions of the
3086
+ # stateful rule, and sends a TCP reset packet back to sender of the
3087
+ # packet. A TCP reset packet is a packet with no payload and a `RST`
3088
+ # bit contained in the TCP header flags. Also sends an alert log
3089
+ # mesage if alert logging is configured in the Firewall
3090
+ # LoggingConfiguration.
3091
+ #
3092
+ # `REJECT` isn't currently available for use with IMAP and FTP
3093
+ # protocols.
3057
3094
  # @return [String]
3058
3095
  #
3059
3096
  # @!attribute [rw] header
@@ -3249,10 +3286,16 @@ module Aws::NetworkFirewall
3249
3286
  # The unique identifier for the subnet.
3250
3287
  # @return [String]
3251
3288
  #
3289
+ # @!attribute [rw] ip_address_type
3290
+ # The subnet's IP address type. You can't change the IP address type
3291
+ # after you create the subnet.
3292
+ # @return [String]
3293
+ #
3252
3294
  # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/SubnetMapping AWS API Documentation
3253
3295
  #
3254
3296
  class SubnetMapping < Struct.new(
3255
- :subnet_id)
3297
+ :subnet_id,
3298
+ :ip_address_type)
3256
3299
  SENSITIVE = []
3257
3300
  include Aws::Structure
3258
3301
  end
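Review bot: The `REJECT` documentation added in the `@@ -3054,6 +3081,16 @@` hunk says the action drops TCP traffic and answers with a reset, but it does not say what a `REJECT` rule does when the rule header names a non-TCP protocol, although the `protocol` field shown elsewhere on this page accepts values such as UDP and ICMP. A reader choosing between `DROP` and `REJECT` should also be told that the reset reveals to the sender that a filtering device is on the path, which a silent drop does not. I would add a line such as `# REJECT applies to TCP traffic only; use DROP for other protocols.` after confirming it against the service documentation, and correct the spelling in `# mesage if alert logging is configured in the Firewall` to `message`. The comment block this hunk extends starts above the hunk.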
@@ -52,6 +52,6 @@ require_relative 'aws-sdk-networkfirewall/customizations'
52
52
  # @!group service
53
53
  module Aws::NetworkFirewall
54
54
 
55
- GEM_VERSION = '1.21.0'
55
+ GEM_VERSION = '1.23.0'
56
56
 
57
57
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: aws-sdk-networkfirewall
3
3
  version: !ruby/object:Gem::Version
4
- version: 1.21.0
4
+ version: 1.23.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Amazon Web Services
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-12-28 00:00:00.000000000 Z
11
+ date: 2023-01-17 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: aws-sdk-core