Amazon Network Firewall · JSON Structure

Openapi Stateful Rule Options Structure

Additional options governing how Network Firewall handles the rule group. You can only use these for stateful rule groups.

Type: object Properties: 1
FirewallIntrusion DetectionNetwork SecurityVPC

StatefulRuleOptions is a JSON Structure definition published by Amazon Network Firewall, describing 1 property. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.

Properties

RuleOrder

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

Raw ↑ 
{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/amazon-network-firewall/refs/heads/main/json-structure/openapi-stateful-rule-options-structure.json",
  "name": "StatefulRuleOptions",
  "description": "Additional options governing how Network Firewall handles the rule group. You can only use these for stateful rule groups.",
  "type": "object",
  "properties": {
    "RuleOrder": {
      "allOf": [
        {
          "$ref": "#/components/schemas/RuleOrder"
        },
        {
          "description": "Indicates how to manage the order of the rule evaluation for the rule group. <code>DEFAULT_ACTION_ORDER</code> is the default behavior. Stateful rules are provided to the rule engine as Suricata compatible strings, and Suricata evaluates them based on certain settings. For more information, see <a href=\"https://docs.aws.amazon.com/network-firewall/latest/developerguide/suricata-rule-evaluation-order.html\">Evaluation order for stateful rules</a> in the <i>Network Firewall Developer Guide</i>. "
        }
      ]
    }
  }
}