RubyGems - aws-sdk-networkfirewall - Versions diffs - 1.21.0 → 1.23.0 - Mend

aws-sdk-networkfirewall 1.21.0 → 1.23.0

Files changed (8) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +10 -0
data/VERSION +1 -1
data/lib/aws-sdk-networkfirewall/client.rb +11 -4
data/lib/aws-sdk-networkfirewall/client_api.rb +2 -0
data/lib/aws-sdk-networkfirewall/types.rb +47 -4
data/lib/aws-sdk-networkfirewall.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b6711c7041c19435c83d4ee06911d89c8a6aa3fa2fd70595500a36f2640ed36b
-  data.tar.gz: 5922f0a171373f86b49b8c1db00f364c76b8650b8c9811845d1f6882172cea28
+  metadata.gz: 19321febeaca00db82ed0f8cace3d5c15661473db38a4e30a1f870f23d7c638e
+  data.tar.gz: 769f88cc610dacb69001414bbe7980c77960712610b52bd03089dc49514d3738
 SHA512:
-  metadata.gz: e327916d7a2018b9c7915da204e7b0b50319c19414dd9201796eb53d4773c48b85df378366f165aa3053bb3574b82f594f8774823068ef011e510881693fb881
-  data.tar.gz: fedfe773dc0fa65dc846bf186edc01de337d43286fa15cb2d9229ed7f95feefdfef3448c30649f344812fed56fed43d783c2617a2b96edd9aa9aaae53d1394a2
+  metadata.gz: 486e6a6c074541bb8d2e367439a635a823ae0a79fa4ac247d9ee4c42e9beb91c31cd9bd192c2eeb9b30779ad765652ed41a2c549ee6b4f0aa61f3ac33bc43f28
+  data.tar.gz: 34d55f958a8bba9107a7bb6b7ff5b2628762ad80523cb2854ba25e0ec461a59e5b9810aeec0112d9bac6884d2875aec95b46e8b863525db3db355afa46f74302

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,16 @@
 Unreleased Changes
 ------------------
+1.23.0 (2023-01-17)
+------------------
+* Feature - Network Firewall now allows creation of dual stack endpoints, enabling inspection of IPv6 traffic.
+1.22.0 (2023-01-09)
+------------------
+* Feature - Network Firewall now supports the Suricata rule action reject, in addition to the actions pass, drop, and alert.
 1.21.0 (2022-12-28)
 ------------------

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.21.0
1	+ 1.23.0

data/lib/aws-sdk-networkfirewall/client.rb CHANGED Viewed

@@ -509,6 +509,7 @@ module Aws::NetworkFirewall
     #     subnet_mappings: [ # required
     #       {
     #         subnet_id: "CollectionMember_String", # required
+    #         ip_address_type: "DUALSTACK", # accepts DUALSTACK, IPV4
     #       },
     #     ],
     #   })
@@ -519,6 +520,7 @@ module Aws::NetworkFirewall
     #   resp.firewall_name #=> String
     #   resp.subnet_mappings #=> Array
     #   resp.subnet_mappings[0].subnet_id #=> String
+    #   resp.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4"
     #   resp.update_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/AssociateSubnets AWS API Documentation
@@ -618,6 +620,7 @@ module Aws::NetworkFirewall
     #     subnet_mappings: [ # required
     #       {
     #         subnet_id: "CollectionMember_String", # required
+    #         ip_address_type: "DUALSTACK", # accepts DUALSTACK, IPV4
     #       },
     #     ],
     #     delete_protection: false,
@@ -644,6 +647,7 @@ module Aws::NetworkFirewall
     #   resp.firewall.vpc_id #=> String
     #   resp.firewall.subnet_mappings #=> Array
     #   resp.firewall.subnet_mappings[0].subnet_id #=> String
+    #   resp.firewall.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4"
     #   resp.firewall.delete_protection #=> Boolean
     #   resp.firewall.subnet_change_protection #=> Boolean
     #   resp.firewall.firewall_policy_change_protection #=> Boolean
@@ -961,7 +965,7 @@ module Aws::NetworkFirewall
     #         },
     #         stateful_rules: [
     #           {
-    #             action: "PASS", # required, accepts PASS, DROP, ALERT
+    #             action: "PASS", # required, accepts PASS, DROP, ALERT, REJECT
     #             header: { # required
     #               protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
     #               source: "Source", # required
@@ -1137,6 +1141,7 @@ module Aws::NetworkFirewall
     #   resp.firewall.vpc_id #=> String
     #   resp.firewall.subnet_mappings #=> Array
     #   resp.firewall.subnet_mappings[0].subnet_id #=> String
+    #   resp.firewall.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4"
     #   resp.firewall.delete_protection #=> Boolean
     #   resp.firewall.subnet_change_protection #=> Boolean
     #   resp.firewall.firewall_policy_change_protection #=> Boolean
@@ -1345,6 +1350,7 @@ module Aws::NetworkFirewall
     #   resp.firewall.vpc_id #=> String
     #   resp.firewall.subnet_mappings #=> Array
     #   resp.firewall.subnet_mappings[0].subnet_id #=> String
+    #   resp.firewall.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4"
     #   resp.firewall.delete_protection #=> Boolean
     #   resp.firewall.subnet_change_protection #=> Boolean
     #   resp.firewall.firewall_policy_change_protection #=> Boolean
@@ -1579,7 +1585,7 @@ module Aws::NetworkFirewall
     #   resp.rule_group.rules_source.rules_source_list.target_types[0] #=> String, one of "TLS_SNI", "HTTP_HOST"
     #   resp.rule_group.rules_source.rules_source_list.generated_rules_type #=> String, one of "ALLOWLIST", "DENYLIST"
     #   resp.rule_group.rules_source.stateful_rules #=> Array
-    #   resp.rule_group.rules_source.stateful_rules[0].action #=> String, one of "PASS", "DROP", "ALERT"
+    #   resp.rule_group.rules_source.stateful_rules[0].action #=> String, one of "PASS", "DROP", "ALERT", "REJECT"
     #   resp.rule_group.rules_source.stateful_rules[0].header.protocol #=> String, one of "IP", "TCP", "UDP", "ICMP", "HTTP", "FTP", "TLS", "SMB", "DNS", "DCERPC", "SSH", "SMTP", "IMAP", "MSN", "KRB5", "IKEV2", "TFTP", "NTP", "DHCP"
     #   resp.rule_group.rules_source.stateful_rules[0].header.source #=> String
     #   resp.rule_group.rules_source.stateful_rules[0].header.source_port #=> String
@@ -1767,6 +1773,7 @@ module Aws::NetworkFirewall
     #   resp.firewall_name #=> String
     #   resp.subnet_mappings #=> Array
     #   resp.subnet_mappings[0].subnet_id #=> String
+    #   resp.subnet_mappings[0].ip_address_type #=> String, one of "DUALSTACK", "IPV4"
     #   resp.update_token #=> String
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DisassociateSubnets AWS API Documentation
@@ -2803,7 +2810,7 @@ module Aws::NetworkFirewall
     #         },
     #         stateful_rules: [
     #           {
-    #             action: "PASS", # required, accepts PASS, DROP, ALERT
+    #             action: "PASS", # required, accepts PASS, DROP, ALERT, REJECT
     #             header: { # required
     #               protocol: "IP", # required, accepts IP, TCP, UDP, ICMP, HTTP, FTP, TLS, SMB, DNS, DCERPC, SSH, SMTP, IMAP, MSN, KRB5, IKEV2, TFTP, NTP, DHCP
     #               source: "Source", # required
@@ -3007,7 +3014,7 @@ module Aws::NetworkFirewall
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-networkfirewall'
-      context[:gem_version] = '1.21.0'
+      context[:gem_version] = '1.23.0'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-networkfirewall/client_api.rb CHANGED Viewed

@@ -86,6 +86,7 @@ module Aws::NetworkFirewall
     HashMapKey = Shapes::StringShape.new(name: 'HashMapKey')
     HashMapValue = Shapes::StringShape.new(name: 'HashMapValue')
     Header = Shapes::StructureShape.new(name: 'Header')
+    IPAddressType = Shapes::StringShape.new(name: 'IPAddressType')
     IPSet = Shapes::StructureShape.new(name: 'IPSet')
     IPSetArn = Shapes::StringShape.new(name: 'IPSetArn')
     IPSetMetadata = Shapes::StructureShape.new(name: 'IPSetMetadata')
@@ -740,6 +741,7 @@ module Aws::NetworkFirewall
     StatelessRulesAndCustomActions.struct_class = Types::StatelessRulesAndCustomActions
     SubnetMapping.add_member(:subnet_id, Shapes::ShapeRef.new(shape: CollectionMember_String, required: true, location_name: "SubnetId"))
+    SubnetMapping.add_member(:ip_address_type, Shapes::ShapeRef.new(shape: IPAddressType, location_name: "IPAddressType"))
     SubnetMapping.struct_class = Types::SubnetMapping
     SubnetMappings.member = Shapes::ShapeRef.new(shape: SubnetMapping)

data/lib/aws-sdk-networkfirewall/types.rb CHANGED Viewed

@@ -39,7 +39,7 @@ module Aws::NetworkFirewall
     # @!attribute [rw] address_definition
     #   Specify an IP address or a block of IP addresses in Classless
     #   Inter-Domain Routing (CIDR) notation. Network Firewall supports all
-    #   address ranges for IPv4.
+    #   address ranges for IPv4 and IPv6.
     #
     #   Examples:
     #
@@ -49,6 +49,15 @@ module Aws::NetworkFirewall
     #   * To configure Network Firewall to inspect for IP addresses from
     #     192.0.2.0 to 192.0.2.255, specify `192.0.2.0/24`.
     #
+    #   * To configure Network Firewall to inspect for the IP address
+    #     1111:0000:0000:0000:0000:0000:0000:0111, specify
+    #     `1111:0000:0000:0000:0000:0000:0000:0111/128`.
+    #
+    #   * To configure Network Firewall to inspect for IP addresses from
+    #     1111:0000:0000:0000:0000:0000:0000:0000 to
+    #     1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
+    #     `1111:0000:0000:0000:0000:0000:0000:0000/64`.
+    #
     #   For more information about CIDR notation, see the Wikipedia entry
     #   [Classless Inter-Domain Routing][1].
     #
@@ -1797,7 +1806,7 @@ module Aws::NetworkFirewall
     #
     #   Specify an IP address or a block of IP addresses in Classless
     #   Inter-Domain Routing (CIDR) notation. Network Firewall supports all
-    #   address ranges for IPv4.
+    #   address ranges for IPv4 and IPv6.
     #
     #   Examples:
     #
@@ -1807,6 +1816,15 @@ module Aws::NetworkFirewall
     #   * To configure Network Firewall to inspect for IP addresses from
     #     192.0.2.0 to 192.0.2.255, specify `192.0.2.0/24`.
     #
+    #   * To configure Network Firewall to inspect for the IP address
+    #     1111:0000:0000:0000:0000:0000:0000:0111, specify
+    #     `1111:0000:0000:0000:0000:0000:0000:0111/128`.
+    #
+    #   * To configure Network Firewall to inspect for IP addresses from
+    #     1111:0000:0000:0000:0000:0000:0000:0000 to
+    #     1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
+    #     `1111:0000:0000:0000:0000:0000:0000:0000/64`.
+    #
     #   For more information about CIDR notation, see the Wikipedia entry
     #   [Classless Inter-Domain Routing][1].
     #
@@ -1835,7 +1853,7 @@ module Aws::NetworkFirewall
     #
     #   Specify an IP address or a block of IP addresses in Classless
     #   Inter-Domain Routing (CIDR) notation. Network Firewall supports all
-    #   address ranges for IPv4.
+    #   address ranges for IPv4 and IPv6.
     #
     #   Examples:
     #
@@ -1845,6 +1863,15 @@ module Aws::NetworkFirewall
     #   * To configure Network Firewall to inspect for IP addresses from
     #     192.0.2.0 to 192.0.2.255, specify `192.0.2.0/24`.
     #
+    #   * To configure Network Firewall to inspect for the IP address
+    #     1111:0000:0000:0000:0000:0000:0000:0111, specify
+    #     `1111:0000:0000:0000:0000:0000:0000:0111/128`.
+    #
+    #   * To configure Network Firewall to inspect for IP addresses from
+    #     1111:0000:0000:0000:0000:0000:0000:0000 to
+    #     1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify
+    #     `1111:0000:0000:0000:0000:0000:0000:0000/64`.
+    #
     #   For more information about CIDR notation, see the Wikipedia entry
     #   [Classless Inter-Domain Routing][1].
     #
@@ -3054,6 +3081,16 @@ module Aws::NetworkFirewall
     #     drop traffic. You can enable the rule with `ALERT` action, verify
     #     in the logs that the rule is filtering as you want, then change
     #     the action to `DROP`.
+    #
+    #   * **REJECT** - Drops TCP traffic that matches the conditions of the
+    #     stateful rule, and sends a TCP reset packet back to sender of the
+    #     packet. A TCP reset packet is a packet with no payload and a `RST`
+    #     bit contained in the TCP header flags. Also sends an alert log
+    #     mesage if alert logging is configured in the Firewall
+    #     LoggingConfiguration.
+    #
+    #     `REJECT` isn't currently available for use with IMAP and FTP
+    #     protocols.
     #   @return [String]
     #
     # @!attribute [rw] header
@@ -3249,10 +3286,16 @@ module Aws::NetworkFirewall
     #   The unique identifier for the subnet.
     #   @return [String]
     #
+    # @!attribute [rw] ip_address_type
+    #   The subnet's IP address type. You can't change the IP address type
+    #   after you create the subnet.
+    #   @return [String]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/SubnetMapping AWS API Documentation
     #
     class SubnetMapping < Struct.new(
-      :subnet_id)
+      :subnet_id,
+      :ip_address_type)
       SENSITIVE = []
       include Aws::Structure
     end

data/lib/aws-sdk-networkfirewall.rb CHANGED Viewed

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-networkfirewall/customizations'
 # @!group service
 module Aws::NetworkFirewall
-  GEM_VERSION = '1.21.0'
+  GEM_VERSION = '1.23.0'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-networkfirewall
 version: !ruby/object:Gem::Version
-  version: 1.21.0
+  version: 1.23.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-12-28 00:00:00.000000000 Z
+date: 2023-01-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core