Amazon Network Firewall · Schema

StatefulRuleOptions

Additional options governing how Network Firewall handles the rule group. You can only use these for stateful rule groups.

FirewallIntrusion DetectionNetwork SecurityVPC

Properties

Name Type Description
RuleOrder object
View JSON Schema on GitHub

JSON Schema

openapi-stateful-rule-options-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/api-evangelist/amazon-network-firewall/refs/heads/main/json-schema/openapi-stateful-rule-options-schema.json",
  "title": "StatefulRuleOptions",
  "description": "Additional options governing how Network Firewall handles the rule group. You can only use these for stateful rule groups.",
  "type": "object",
  "properties": {
    "RuleOrder": {
      "allOf": [
        {
          "$ref": "#/components/schemas/RuleOrder"
        },
        {
          "description": "Indicates how to manage the order of the rule evaluation for the rule group. <code>DEFAULT_ACTION_ORDER</code> is the default behavior. Stateful rules are provided to the rule engine as Suricata compatible strings, and Suricata evaluates them based on certain settings. For more information, see <a href=\"https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html\">Evaluation order for stateful rules</a> in the <i>Network Firewall Developer Guide</i>. "
        }
      ]
    }
  }
}