RubyGems - aws-sdk-networkfirewall - Versions diffs - 1.27.0 → 1.28.0 - Mend

aws-sdk-networkfirewall 1.27.0 → 1.28.0

Files changed (7) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +5 -0
data/VERSION +1 -1
data/lib/aws-sdk-networkfirewall/client.rb +7 -7
data/lib/aws-sdk-networkfirewall/types.rb +19 -2
data/lib/aws-sdk-networkfirewall.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 848dc5acca2271ff27fe731050b218de6eb5bd90c5cf3f9238d2e7876bd779f1
-  data.tar.gz: 5020c9ed7a2fdde8c547c9e45989ae6c57531ebef798c35c69b18ca031845bf1
+  metadata.gz: 0777bee33353956140748399c259f21e1da2819f69f84f0353b438725e003c62
+  data.tar.gz: b3e1cf9cde792809cc2963d6b3293aca1915965a1be408eeb21ee22b4ba2db7f
 SHA512:
-  metadata.gz: 198569d2c17cdc7db5247a1e39838ec54582a80bafb30946911c02ef36e3482a09a2288407e9bdc86dd9cc8e63914f4dcf4f2b2eb156e220db172cafb8d9d393
-  data.tar.gz: 56255332e20a9726aba325f3e512b28dad5dfcbd4cc7317df5be254aac4a2c5bddaa6f3ec11fb7d0539938866568997a93cf4c9615e1c83de9b4620f5101cbae
+  metadata.gz: b50dc676821f92c9b96e1e41536c72c770c294240907afb2508d9c8001621dd797921395222c3e8d632dddd0415b68a883b6784a2d93f0142ac53089c72cb9ea
+  data.tar.gz: d8ce58d223868c23b80041a606de67df91f313f6adbf17066cb11d5b3d4a814a3ac1d294b413371ae371be9faf215d98bb85fa169d4cb13e0ddc9266da6002fb

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
+1.28.0 (2023-05-04)
+------------------
+* Feature - This release adds support for the Suricata REJECT option in midstream exception configurations.
 1.27.0 (2023-05-03)
 ------------------

data/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.27.0
1	+ 1.28.0

data/lib/aws-sdk-networkfirewall/client.rb CHANGED Viewed

@@ -663,7 +663,7 @@ module Aws::NetworkFirewall
     #   resp.firewall_status.sync_states #=> Hash
     #   resp.firewall_status.sync_states["AvailabilityZone"].attachment.subnet_id #=> String
     #   resp.firewall_status.sync_states["AvailabilityZone"].attachment.endpoint_id #=> String
-    #   resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "SCALING", "READY", "FAILED", "ERROR"
+    #   resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "FAILED", "ERROR", "SCALING", "READY"
     #   resp.firewall_status.sync_states["AvailabilityZone"].attachment.status_message #=> String
     #   resp.firewall_status.sync_states["AvailabilityZone"].config #=> Hash
     #   resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
@@ -766,7 +766,7 @@ module Aws::NetworkFirewall
     #       stateful_default_actions: ["CollectionMember_String"],
     #       stateful_engine_options: {
     #         rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
-    #         stream_exception_policy: "DROP", # accepts DROP, CONTINUE
+    #         stream_exception_policy: "DROP", # accepts DROP, CONTINUE, REJECT
     #       },
     #       tls_inspection_configuration_arn: "ResourceArn",
     #       policy_variables: {
@@ -1331,7 +1331,7 @@ module Aws::NetworkFirewall
     #   resp.firewall_status.sync_states #=> Hash
     #   resp.firewall_status.sync_states["AvailabilityZone"].attachment.subnet_id #=> String
     #   resp.firewall_status.sync_states["AvailabilityZone"].attachment.endpoint_id #=> String
-    #   resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "SCALING", "READY", "FAILED", "ERROR"
+    #   resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "FAILED", "ERROR", "SCALING", "READY"
     #   resp.firewall_status.sync_states["AvailabilityZone"].attachment.status_message #=> String
     #   resp.firewall_status.sync_states["AvailabilityZone"].config #=> Hash
     #   resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
@@ -1593,7 +1593,7 @@ module Aws::NetworkFirewall
     #   resp.firewall_status.sync_states #=> Hash
     #   resp.firewall_status.sync_states["AvailabilityZone"].attachment.subnet_id #=> String
     #   resp.firewall_status.sync_states["AvailabilityZone"].attachment.endpoint_id #=> String
-    #   resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "SCALING", "READY", "FAILED", "ERROR"
+    #   resp.firewall_status.sync_states["AvailabilityZone"].attachment.status #=> String, one of "CREATING", "DELETING", "FAILED", "ERROR", "SCALING", "READY"
     #   resp.firewall_status.sync_states["AvailabilityZone"].attachment.status_message #=> String
     #   resp.firewall_status.sync_states["AvailabilityZone"].config #=> Hash
     #   resp.firewall_status.sync_states["AvailabilityZone"].config["ResourceName"].sync_status #=> String, one of "PENDING", "IN_SYNC", "CAPACITY_CONSTRAINED"
@@ -1673,7 +1673,7 @@ module Aws::NetworkFirewall
     #   resp.firewall_policy.stateful_default_actions #=> Array
     #   resp.firewall_policy.stateful_default_actions[0] #=> String
     #   resp.firewall_policy.stateful_engine_options.rule_order #=> String, one of "DEFAULT_ACTION_ORDER", "STRICT_ORDER"
-    #   resp.firewall_policy.stateful_engine_options.stream_exception_policy #=> String, one of "DROP", "CONTINUE"
+    #   resp.firewall_policy.stateful_engine_options.stream_exception_policy #=> String, one of "DROP", "CONTINUE", "REJECT"
     #   resp.firewall_policy.tls_inspection_configuration_arn #=> String
     #   resp.firewall_policy.policy_variables.rule_variables #=> Hash
     #   resp.firewall_policy.policy_variables.rule_variables["RuleVariableName"].definition #=> Array
@@ -2831,7 +2831,7 @@ module Aws::NetworkFirewall
     #       stateful_default_actions: ["CollectionMember_String"],
     #       stateful_engine_options: {
     #         rule_order: "DEFAULT_ACTION_ORDER", # accepts DEFAULT_ACTION_ORDER, STRICT_ORDER
-    #         stream_exception_policy: "DROP", # accepts DROP, CONTINUE
+    #         stream_exception_policy: "DROP", # accepts DROP, CONTINUE, REJECT
     #       },
     #       tls_inspection_configuration_arn: "ResourceArn",
     #       policy_variables: {
@@ -3520,7 +3520,7 @@ module Aws::NetworkFirewall
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-networkfirewall'
-      context[:gem_version] = '1.27.0'
+      context[:gem_version] = '1.28.0'
       Seahorse::Client::Request.new(handlers, context)
     end

data/lib/aws-sdk-networkfirewall/types.rb CHANGED Viewed

@@ -3197,7 +3197,7 @@ module Aws::NetworkFirewall
     #
     #
     #
-    #   [1]: https://suricata.readthedocs.io/en/suricata-6.0.9/rules/intro.html
+    #   [1]: https://suricata.readthedocs.iorules/intro.html#
     #   @return [Array<Types::StatefulRule>]
     #
     # @!attribute [rw] stateless_rules_and_custom_actions
@@ -3449,6 +3449,13 @@ module Aws::NetworkFirewall
     #     behavior is rule dependent—a TCP-layer rule using a
     #     `flow:stateless` rule would still match, as would the
     #     `aws:drop_strict` default action.
+    #
+    #   * `REJECT` - Network Firewall fails closed and drops all subsequent
+    #     traffic going to the firewall. Network Firewall also sends a TCP
+    #     reject packet back to your client so that the client can
+    #     immediately establish a new session. Network Firewall will have
+    #     context about the new session and will apply rules to the
+    #     subsequent traffic.
     #   @return [String]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/StatefulEngineOptions AWS API Documentation
@@ -3468,7 +3475,7 @@ module Aws::NetworkFirewall
     #
     #
     #
-    # [1]: https://suricata.readthedocs.io/en/suricata-6.0.9/rules/intro.html
+    # [1]: https://suricata.readthedocs.iorules/intro.html#
     #
     # @!attribute [rw] action
     #   Defines what Network Firewall should do with the packets in a
@@ -3492,6 +3499,16 @@ module Aws::NetworkFirewall
     #     drop traffic. You can enable the rule with `ALERT` action, verify
     #     in the logs that the rule is filtering as you want, then change
     #     the action to `DROP`.
+    #
+    #   * **REJECT** - Drops TCP traffic that matches the conditions of the
+    #     stateful rule, and sends a TCP reset packet back to sender of the
+    #     packet. A TCP reset packet is a packet with no payload and a `RST`
+    #     bit contained in the TCP header flags. Also sends an alert log
+    #     mesage if alert logging is configured in the Firewall
+    #     LoggingConfiguration.
+    #
+    #     `REJECT` isn't currently available for use with IMAP and FTP
+    #     protocols.
     #   @return [String]
     #
     # @!attribute [rw] header

data/lib/aws-sdk-networkfirewall.rb CHANGED Viewed

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-networkfirewall/customizations'
 # @!group service
 module Aws::NetworkFirewall
-  GEM_VERSION = '1.27.0'
+  GEM_VERSION = '1.28.0'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-networkfirewall
 version: !ruby/object:Gem::Version
-  version: 1.27.0
+  version: 1.28.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-05-03 00:00:00.000000000 Z
+date: 2023-05-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core