MatchAttributes

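Criteria that Network Firewall uses to inspect an individual packet in stateless rule inspection. Each set of match attributes can include one or more items such as IP address, CIDR range, port number, protocol, and TCP flags. As the property descriptions in the schema below state, any attribute left unspecified matches every value for that attribute, so a rule constrains only the attributes it sets explicitly.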

Firewall, Intrusion Detection, Network Security, VPC

Properties

Name Type Description
Sources object
Destinations object
SourcePorts object
DestinationPorts object
Protocols object
TCPFlags object

JSON Schema

openapi-match-attributes-schema.json
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/api-evangelist/amazon-network-firewall/refs/heads/main/json-schema/openapi-match-attributes-schema.json",
  "title": "MatchAttributes",
  "description": "Criteria for Network Firewall to use to inspect an individual packet in stateless rule inspection. Each match attributes set can include one or more items such as IP address, CIDR range, port number, protocol, and TCP flags. ",
  "type": "object",
  "properties": {
    "Sources": {
      "allOf": [
        {
          "$ref": "#/components/schemas/Addresses"
        },
        {
          "description": "The source IP addresses and address ranges to inspect for, in CIDR notation. If not specified, this matches with any source address. "
        }
      ]
    },
    "Destinations": {
      "allOf": [
        {
          "$ref": "#/components/schemas/Addresses"
        },
        {
          "description": "The destination IP addresses and address ranges to inspect for, in CIDR notation. If not specified, this matches with any destination address. "
        }
      ]
    },
    "SourcePorts": {
      "allOf": [
        {
          "$ref": "#/components/schemas/PortRanges"
        },
        {
          "description": "<p>The source ports to inspect for. If not specified, this matches with any source port. This setting is only used for protocols 6 (TCP) and 17 (UDP). </p> <p>You can specify individual ports, for example <code>1994</code> and you can specify port ranges, for example <code>1990:1994</code>. </p>"
        }
      ]
    },
    "DestinationPorts": {
      "allOf": [
        {
          "$ref": "#/components/schemas/PortRanges"
        },
        {
          "description": "<p>The destination ports to inspect for. If not specified, this matches with any destination port. This setting is only used for protocols 6 (TCP) and 17 (UDP). </p> <p>You can specify individual ports, for example <code>1994</code> and you can specify port ranges, for example <code>1990:1994</code>. </p>"
        }
      ]
    },
    "Protocols": {
      "allOf": [
        {
          "$ref": "#/components/schemas/ProtocolNumbers"
        },
        {
          "description": "The protocols to inspect for, specified using each protocol's assigned internet protocol number (IANA). If not specified, this matches with any protocol. "
        }
      ]
    },
    "TCPFlags": {
      "allOf": [
        {
          "$ref": "#/components/schemas/TCPFlags"
        },
        {
          "description": "The TCP flags and masks to inspect for. If not specified, this matches with any settings. This setting is only used for protocol 6 (TCP)."
        }
      ]
    }
  }
}