aws-sdk-networkfirewall 1.21.0 → 1.23.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +10 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-networkfirewall/client.rb +11 -4
- data/lib/aws-sdk-networkfirewall/client_api.rb +2 -0
- data/lib/aws-sdk-networkfirewall/types.rb +47 -4
- data/lib/aws-sdk-networkfirewall.rb +1 -1
- metadata +2 -2
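--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 19321febeaca00db82ed0f8cace3d5c15661473db38a4e30a1f870f23d7c638e
+data.tar.gz: 769f88cc610dacb69001414bbe7980c77960712610b52bd03089dc49514d3738
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 486e6a6c074541bb8d2e367439a635a823ae0a79fa4ac247d9ee4c42e9beb91c31cd9bd192c2eeb9b30779ad765652ed41a2c549ee6b4f0aa61f3ac33bc43f28
+data.tar.gz: 34d55f958a8bba9107a7bb6b7ff5b2628762ad80523cb2854ba25e0ec461a59e5b9810aeec0112d9bac6884d2875aec95b46e8b863525db3db355afa46f74302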
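--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
 
+1.23.0 (2023-01-17)
+------------------
+
+* Feature - Network Firewall now allows creation of dual stack endpoints, enabling inspection of IPv6 traffic.
+
+1.22.0 (2023-01-09)
+------------------
+
+* Feature - Network Firewall now supports the Suricata rule action reject, in addition to the actions pass, drop, and alert.
+
 1.21.0 (2022-12-28)
 ------------------
 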
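--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
-1.
+1.23.0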
@@ -509,6 +509,7 @@ module Aws::NetworkFirewall
|
|
509
509
|
# subnet_mappings: [ # required
|
510
510
|
# {
|
511
511
|
# subnet_id: "CollectionMember_String", # required
|
512
|
+
# ip_address_type: "DUALSTACK", # accepts DUALSTACK, IPV4
|
512
513
|
# },
|
513
514
|
# ],
|
514
515
|
# })
|
@@ -519,6 +520,7 @@ module Aws::NetworkFirewall
|
|
519
520
|
# resp.firewall_name #=> String
|
520
521
|
# resp.subnet_mappings #=> Array
|
521
522
|
# resp.subnet_mappings[0].subnet_id #=> String
|
523
|
+
# resp.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4"
|
522
524
|
# resp.update_token #=> String
|
523
525
|
#
|
524
526
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/AssociateSubnets AWS API Documentation
|
@@ -618,6 +620,7 @@ module Aws::NetworkFirewall
|
|
618
620
|
# subnet_mappings: [ # required
|
619
621
|
# {
|
620
622
|
# subnet_id: "CollectionMember_String", # required
|
623
|
+
# ip_address_type: "DUALSTACK", # accepts DUALSTACK, IPV4
|
621
624
|
# },
|
622
625
|
# ],
|
623
626
|
# delete_protection: false,
|
@@ -644,6 +647,7 @@ module Aws::NetworkFirewall
|
|
644
647
|
# resp.firewall.vpc_id #=> String
|
645
648
|
# resp.firewall.subnet_mappings #=> Array
|
646
649
|
# resp.firewall.subnet_mappings[0].subnet_id #=> String
|
650
|
+
# resp.firewall.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4"
|
647
651
|
# resp.firewall.delete_protection #=> Boolean
|
648
652
|
# resp.firewall.subnet_change_protection #=> Boolean
|
649
653
|
# resp.firewall.firewall_policy_change_protection #=> Boolean
|
@@ -961,7 +965,7 @@ module Aws::NetworkFirewall
|
|
961
965
|
# },
|
962
966
|
# stateful_rules: [
|
963
967
|
# {
|
964
|
-
# action: "PASS", # required, accepts PASS, DROP, ALERT
|
968
|
+
# action: "PASS", # required, accepts PASS, DROP, ALERT, REJECT
|
965
969
|
# header: { # required
|
966
970
|
# protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
|
967
971
|
# source: "Source", # required
|
@@ -1137,6 +1141,7 @@ module Aws::NetworkFirewall
|
|
1137
1141
|
# resp.firewall.vpc_id #=> String
|
1138
1142
|
# resp.firewall.subnet_mappings #=> Array
|
1139
1143
|
# resp.firewall.subnet_mappings[0].subnet_id #=> String
|
1144
|
+
# resp.firewall.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4"
|
1140
1145
|
# resp.firewall.delete_protection #=> Boolean
|
1141
1146
|
# resp.firewall.subnet_change_protection #=> Boolean
|
1142
1147
|
# resp.firewall.firewall_policy_change_protection #=> Boolean
|
@@ -1345,6 +1350,7 @@ module Aws::NetworkFirewall
|
|
1345
1350
|
# resp.firewall.vpc_id #=> String
|
1346
1351
|
# resp.firewall.subnet_mappings #=> Array
|
1347
1352
|
# resp.firewall.subnet_mappings[0].subnet_id #=> String
|
1353
|
+
# resp.firewall.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4"
|
1348
1354
|
# resp.firewall.delete_protection #=> Boolean
|
1349
1355
|
# resp.firewall.subnet_change_protection #=> Boolean
|
1350
1356
|
# resp.firewall.firewall_policy_change_protection #=> Boolean
|
@@ -1579,7 +1585,7 @@ module Aws::NetworkFirewall
|
|
1579
1585
|
# resp.rule_group.rules_source.rules_source_list.target_types[0] #=> String, one of "TLS_SNI", "HTTP_HOST"
|
1580
1586
|
# resp.rule_group.rules_source.rules_source_list.generated_rules_type #=> String, one of "ALLOWLIST", "DENYLIST"
|
1581
1587
|
# resp.rule_group.rules_source.stateful_rules #=> Array
|
1582
|
-
# resp.rule_group.rules_source.stateful_rules[0].action #=> String, one of "PASS", "DROP", "ALERT"
|
1588
|
+
# resp.rule_group.rules_source.stateful_rules[0].action #=> String, one of "PASS", "DROP", "ALERT", "REJECT"
|
1583
1589
|
# resp.rule_group.rules_source.stateful_rules[0].header.protocol #=> String, one of "IP", "TCP", "UDP", "ICMP", "HTTP", "FTP", "TLS", "SMB", "DNS", "DCERPC", "SSH", "SMTP", "IMAP", "MSN", "KRB5", "IKEV2", "TFTP", "NTP", "DHCP"
|
1584
1590
|
# resp.rule_group.rules_source.stateful_rules[0].header.source #=> String
|
1585
1591
|
# resp.rule_group.rules_source.stateful_rules[0].header.source_port #=> String
|
@@ -1767,6 +1773,7 @@ module Aws::NetworkFirewall
|
|
1767
1773
|
# resp.firewall_name #=> String
|
1768
1774
|
# resp.subnet_mappings #=> Array
|
1769
1775
|
# resp.subnet_mappings[0].subnet_id #=> String
|
1776
|
+
# resp.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4"
|
1770
1777
|
# resp.update_token #=> String
|
1771
1778
|
#
|
1772
1779
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DisassociateSubnets AWS API Documentation
|
@@ -2803,7 +2810,7 @@ module Aws::NetworkFirewall
|
|
2803
2810
|
# },
|
2804
2811
|
# stateful_rules: [
|
2805
2812
|
# {
|
2806
|
-
# action: "PASS", # required, accepts PASS, DROP, ALERT
|
2813
|
+
# action: "PASS", # required, accepts PASS, DROP, ALERT, REJECT
|
2807
2814
|
# header: { # required
|
2808
2815
|
# protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
|
2809
2816
|
# source: "Source", # required
|
@@ -3007,7 +3014,7 @@ module Aws::NetworkFirewall
|
|
3007
3014
|
params: params,
|
3008
3015
|
config: config)
|
3009
3016
|
context[:gem_name] = 'aws-sdk-networkfirewall'
|
3010
|
-
context[:gem_version] = '1.
|
3017
|
+
context[:gem_version] = '1.23.0'
|
3011
3018
|
Seahorse::Client::Request.new(handlers, context)
|
3012
3019
|
end
|
3013
3020
|
|
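Review bot: The `ip_address_type` example lines added to the subnet-mapping request comments (the hunks at new lines 512 and 623) list the accepted values but not which one applies when the key is omitted, and the key carries no `# required` marker. The changelog ties IPv6 inspection to dual stack endpoints, so a caller who leaves the key out presumably gets an endpoint that does not inspect IPv6 traffic, a gap that is easy to miss in a firewall deployment. I would extend the comment along the lines of `# ip_address_type: "DUALSTACK", # accepts DUALSTACK, IPV4; optional, defaults to <service default>`. The method documentation these comments belong to starts and ends outside the hunks shown.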
@@ -86,6 +86,7 @@ module Aws::NetworkFirewall
|
|
86
86
|
HashMapKey = Shapes::StringShape.new(name: 'HashMapKey')
|
87
87
|
HashMapValue = Shapes::StringShape.new(name: 'HashMapValue')
|
88
88
|
Header = Shapes::StructureShape.new(name: 'Header')
|
89
|
+
IPAddressType = Shapes::StringShape.new(name: 'IPAddressType')
|
89
90
|
IPSet = Shapes::StructureShape.new(name: 'IPSet')
|
90
91
|
IPSetArn = Shapes::StringShape.new(name: 'IPSetArn')
|
91
92
|
IPSetMetadata = Shapes::StructureShape.new(name: 'IPSetMetadata')
|
@@ -740,6 +741,7 @@ module Aws::NetworkFirewall
|
|
740
741
|
StatelessRulesAndCustomActions.struct_class = Types::StatelessRulesAndCustomActions
|
741
742
|
|
742
743
|
SubnetMapping.add_member(:subnet_id, Shapes::ShapeRef.new(shape: CollectionMember_String, required: true, location_name: "SubnetId"))
|
744
|
+
SubnetMapping.add_member(:ip_address_type, Shapes::ShapeRef.new(shape: IPAddressType, location_name: "IPAddressType"))
|
743
745
|
SubnetMapping.struct_class = Types::SubnetMapping
|
744
746
|
|
745
747
|
SubnetMappings.member = Shapes::ShapeRef.new(shape: SubnetMapping)
|
@@ -39,7 +39,7 @@ module Aws::NetworkFirewall
|
|
39
39
|
# @!attribute [rw] address_definition
|
40
40
|
# Specify an IP address or a block of IP addresses in Classless
|
41
41
|
# Inter-Domain Routing (CIDR) notation. Network Firewall supports all
|
42
|
-
# address ranges for IPv4.
|
42
|
+
# address ranges for IPv4 and IPv6.
|
43
43
|
#
|
44
44
|
# Examples:
|
45
45
|
#
|
@@ -49,6 +49,15 @@ module Aws::NetworkFirewall
|
|
49
49
|
# * To configure Network Firewall to inspect for IP addresses from
|
50
50
|
# 192.0.2.0 to 192.0.2.255, specify `192.0.2.0/24`.
|
51
51
|
#
|
52
|
+
# * To configure Network Firewall to inspect for the IP address
|
53
|
+
# 1111:0000:0000:0000:0000:0000:0000:0111, specify
|
54
|
+
# `1111:0000:0000:0000:0000:0000:0000:0111/128`.
|
55
|
+
#
|
56
|
+
# * To configure Network Firewall to inspect for IP addresses from
|
57
|
+
# 1111:0000:0000:0000:0000:0000:0000:0000 to
|
58
|
+
# 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
|
59
|
+
# `1111:0000:0000:0000:0000:0000:0000:0000/64`.
|
60
|
+
#
|
52
61
|
# For more information about CIDR notation, see the Wikipedia entry
|
53
62
|
# [Classless Inter-Domain Routing][1].
|
54
63
|
#
|
@@ -1797,7 +1806,7 @@ module Aws::NetworkFirewall
|
|
1797
1806
|
#
|
1798
1807
|
# Specify an IP address or a block of IP addresses in Classless
|
1799
1808
|
# Inter-Domain Routing (CIDR) notation. Network Firewall supports all
|
1800
|
-
# address ranges for IPv4.
|
1809
|
+
# address ranges for IPv4 and IPv6.
|
1801
1810
|
#
|
1802
1811
|
# Examples:
|
1803
1812
|
#
|
@@ -1807,6 +1816,15 @@ module Aws::NetworkFirewall
|
|
1807
1816
|
# * To configure Network Firewall to inspect for IP addresses from
|
1808
1817
|
# 192.0.2.0 to 192.0.2.255, specify `192.0.2.0/24`.
|
1809
1818
|
#
|
1819
|
+
# * To configure Network Firewall to inspect for the IP address
|
1820
|
+
# 1111:0000:0000:0000:0000:0000:0000:0111, specify
|
1821
|
+
# `1111:0000:0000:0000:0000:0000:0000:0111/128`.
|
1822
|
+
#
|
1823
|
+
# * To configure Network Firewall to inspect for IP addresses from
|
1824
|
+
# 1111:0000:0000:0000:0000:0000:0000:0000 to
|
1825
|
+
# 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
|
1826
|
+
# `1111:0000:0000:0000:0000:0000:0000:0000/64`.
|
1827
|
+
#
|
1810
1828
|
# For more information about CIDR notation, see the Wikipedia entry
|
1811
1829
|
# [Classless Inter-Domain Routing][1].
|
1812
1830
|
#
|
@@ -1835,7 +1853,7 @@ module Aws::NetworkFirewall
|
|
1835
1853
|
#
|
1836
1854
|
# Specify an IP address or a block of IP addresses in Classless
|
1837
1855
|
# Inter-Domain Routing (CIDR) notation. Network Firewall supports all
|
1838
|
-
# address ranges for IPv4.
|
1856
|
+
# address ranges for IPv4 and IPv6.
|
1839
1857
|
#
|
1840
1858
|
# Examples:
|
1841
1859
|
#
|
@@ -1845,6 +1863,15 @@ module Aws::NetworkFirewall
|
|
1845
1863
|
# * To configure Network Firewall to inspect for IP addresses from
|
1846
1864
|
# 192.0.2.0 to 192.0.2.255, specify `192.0.2.0/24`.
|
1847
1865
|
#
|
1866
|
+
# * To configure Network Firewall to inspect for the IP address
|
1867
|
+
# 1111:0000:0000:0000:0000:0000:0000:0111, specify
|
1868
|
+
# `1111:0000:0000:0000:0000:0000:0000:0111/128`.
|
1869
|
+
#
|
1870
|
+
# * To configure Network Firewall to inspect for IP addresses from
|
1871
|
+
# 1111:0000:0000:0000:0000:0000:0000:0000 to
|
1872
|
+
# 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
|
1873
|
+
# `1111:0000:0000:0000:0000:0000:0000:0000/64`.
|
1874
|
+
#
|
1848
1875
|
# For more information about CIDR notation, see the Wikipedia entry
|
1849
1876
|
# [Classless Inter-Domain Routing][1].
|
1850
1877
|
#
|
@@ -3054,6 +3081,16 @@ module Aws::NetworkFirewall
|
|
3054
3081
|
# drop traffic. You can enable the rule with `ALERT` action, verify
|
3055
3082
|
# in the logs that the rule is filtering as you want, then change
|
3056
3083
|
# the action to `DROP`.
|
3084
|
+
#
|
3085
|
+
# * **REJECT** - Drops TCP traffic that matches the conditions of the
|
3086
|
+
# stateful rule, and sends a TCP reset packet back to sender of the
|
3087
|
+
# packet. A TCP reset packet is a packet with no payload and a `RST`
|
3088
|
+
# bit contained in the TCP header flags. Also sends an alert log
|
3089
|
+
# mesage if alert logging is configured in the Firewall
|
3090
|
+
# LoggingConfiguration.
|
3091
|
+
#
|
3092
|
+
# `REJECT` isn't currently available for use with IMAP and FTP
|
3093
|
+
# protocols.
|
3057
3094
|
# @return [String]
|
3058
3095
|
#
|
3059
3096
|
# @!attribute [rw] header
|
@@ -3249,10 +3286,16 @@ module Aws::NetworkFirewall
|
|
3249
3286
|
# The unique identifier for the subnet.
|
3250
3287
|
# @return [String]
|
3251
3288
|
#
|
3289
|
+
# @!attribute [rw] ip_address_type
|
3290
|
+
# The subnet's IP address type. You can't change the IP address type
|
3291
|
+
# after you create the subnet.
|
3292
|
+
# @return [String]
|
3293
|
+
#
|
3252
3294
|
# @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/SubnetMapping AWS API Documentation
|
3253
3295
|
#
|
3254
3296
|
class SubnetMapping < Struct.new(
|
3255
|
-
:subnet_id
|
3297
|
+
:subnet_id,
|
3298
|
+
:ip_address_type)
|
3256
3299
|
SENSITIVE = []
|
3257
3300
|
include Aws::Structure
|
3258
3301
|
end
|
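Review bot: The new **REJECT** bullet in the stateful-rule `action` documentation (hunk at new lines 3084-3093) describes only the TCP case and misspells "message" as `mesage`. The request examples elsewhere on this page show `action` accepting REJECT in the same rule whose `protocol` accepts UDP, ICMP and other non-TCP values, yet the text does not say whether a REJECT rule on such traffic is refused by the service or falls back to a silent drop; I cannot tell which from this page. I would correct the line to `# message if alert logging is configured in the Firewall` and add one sentence stating the non-TCP behaviour. Because REJECT answers the sender with a reset while DROP stays silent, the documentation is also the place to remind operators that the choice is visible to the remote side. If these comments are generated from the service model, the correction belongs in the model rather than in this file.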
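--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-networkfirewall
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.23.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2023-01-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-core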