SecurityRule¶

class oci.network_firewall.models.SecurityRule(**kwargs)¶

Bases: object

Security Rule used in the firewall policy rules. Security Rules determine whether to block or allow a session based on traffic attributes, such as the source and destination IP address, protocol/port, and the HTTP(S) target URL.

Attributes

`ACTION_ALLOW`	A constant which can be used with the action property of a SecurityRule.
`ACTION_DROP`	A constant which can be used with the action property of a SecurityRule.
`ACTION_INSPECT`	A constant which can be used with the action property of a SecurityRule.
`ACTION_REJECT`	A constant which can be used with the action property of a SecurityRule.
`INSPECTION_INTRUSION_DETECTION`	A constant which can be used with the inspection property of a SecurityRule.
`INSPECTION_INTRUSION_PREVENTION`	A constant which can be used with the inspection property of a SecurityRule.
`action`	[Required] Gets the action of this SecurityRule.
`condition`	[Required] Gets the condition of this SecurityRule.
`inspection`	Gets the inspection of this SecurityRule.
`name`	[Required] Gets the name of this SecurityRule.
`parent_resource_id`	[Required] Gets the parent_resource_id of this SecurityRule.
`position`	Gets the position of this SecurityRule.

Methods

__init__(**kwargs) Initializes a new SecurityRule object with values from keyword arguments.

ACTION_ALLOW = 'ALLOW'¶: A constant which can be used with the action property of a SecurityRule. This constant has a value of “ALLOW”

ACTION_DROP = 'DROP'¶: A constant which can be used with the action property of a SecurityRule. This constant has a value of “DROP”

ACTION_INSPECT = 'INSPECT'¶: A constant which can be used with the action property of a SecurityRule. This constant has a value of “INSPECT”

ACTION_REJECT = 'REJECT'¶: A constant which can be used with the action property of a SecurityRule. This constant has a value of “REJECT”

INSPECTION_INTRUSION_DETECTION = 'INTRUSION_DETECTION'¶: A constant which can be used with the inspection property of a SecurityRule. This constant has a value of “INTRUSION_DETECTION”

INSPECTION_INTRUSION_PREVENTION = 'INTRUSION_PREVENTION'¶: A constant which can be used with the inspection property of a SecurityRule. This constant has a value of “INTRUSION_PREVENTION”

__init__(**kwargs)¶

Initializes a new SecurityRule object with values from keyword arguments. The following keyword arguments are supported (corresponding to the getters/setters of this class):

Parameters:

name (str) – The value to assign to the name property of this SecurityRule.
condition (oci.network_firewall.models.SecurityRuleMatchCriteria) – The value to assign to the condition property of this SecurityRule.
action (str) – The value to assign to the action property of this SecurityRule. Allowed values for this property are: “ALLOW”, “DROP”, “REJECT”, “INSPECT”, ‘UNKNOWN_ENUM_VALUE’. Any unrecognized values returned by a service will be mapped to ‘UNKNOWN_ENUM_VALUE’.
inspection (str) – The value to assign to the inspection property of this SecurityRule. Allowed values for this property are: “INTRUSION_DETECTION”, “INTRUSION_PREVENTION”, ‘UNKNOWN_ENUM_VALUE’. Any unrecognized values returned by a service will be mapped to ‘UNKNOWN_ENUM_VALUE’.
position (oci.network_firewall.models.RulePosition) – The value to assign to the position property of this SecurityRule.
parent_resource_id (str) – The value to assign to the parent_resource_id property of this SecurityRule.

action¶

[Required] Gets the action of this SecurityRule. Types of Action on the Traffic flow.

ALLOW - Allows the traffic.

DROP - Silently drops the traffic, e.g. without sending a TCP reset.

REJECT - Rejects the traffic, sending a TCP reset to client and/or server as applicable.

INSPECT - Inspects traffic for vulnerability as specified in inspection, which may result in rejection.

Allowed values for this property are: “ALLOW”, “DROP”, “REJECT”, “INSPECT”, ‘UNKNOWN_ENUM_VALUE’. Any unrecognized values returned by a service will be mapped to ‘UNKNOWN_ENUM_VALUE’.

Returns:	The action of this SecurityRule.
Return type:	str

condition¶

[Required] Gets the condition of this SecurityRule.

Returns:	The condition of this SecurityRule.
Return type:	oci.network_firewall.models.SecurityRuleMatchCriteria

inspection¶

Gets the inspection of this SecurityRule. Type of inspection to affect the Traffic flow. This is only applicable if action is INSPECT.

INTRUSION_DETECTION - Intrusion Detection.

INTRUSION_PREVENTION - Intrusion Detection and Prevention. Traffic classified as potentially malicious will be rejected as described in type.

Allowed values for this property are: “INTRUSION_DETECTION”, “INTRUSION_PREVENTION”, ‘UNKNOWN_ENUM_VALUE’. Any unrecognized values returned by a service will be mapped to ‘UNKNOWN_ENUM_VALUE’.

Returns:	The inspection of this SecurityRule.
Return type:	str

name¶

[Required] Gets the name of this SecurityRule. Name for the Security rule, must be unique within the policy.

Returns:	The name of this SecurityRule.
Return type:	str

parent_resource_id¶

[Required] Gets the parent_resource_id of this SecurityRule. OCID of the Network Firewall Policy this security rule belongs to.

Returns:	The parent_resource_id of this SecurityRule.
Return type:	str

position¶

Gets the position of this SecurityRule.

Returns:	The position of this SecurityRule.
Return type:	oci.network_firewall.models.RulePosition