Skip to content

/AWS1/CL_R5RFIREWALLRULE

A single firewall rule in a rule group.

CONSTRUCTOR

IMPORTING

Optional arguments:

iv_firewallrulegroupid TYPE /AWS1/R5RRESOURCEID /AWS1/R5RRESOURCEID

The unique identifier of the Firewall rule group of the rule.

iv_firewalldomainlistid TYPE /AWS1/R5RRESOURCEID /AWS1/R5RRESOURCEID

The ID of the domain list that's used in the rule.

iv_firewallthreatprotectio00 TYPE /AWS1/R5RRESOURCEID /AWS1/R5RRESOURCEID

ID of the DNS Firewall Advanced rule.

iv_name TYPE /AWS1/R5RNAME /AWS1/R5RNAME

The name of the rule.

iv_priority TYPE /AWS1/R5RPRIORITY /AWS1/R5RPRIORITY

The priority of the rule in the rule group. This value must be unique within the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.

iv_action TYPE /AWS1/R5RACTION /AWS1/R5RACTION

The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list, or a threat in a DNS Firewall Advanced rule:

  • ALLOW - Permit the request to go through. Not available for DNS Firewall Advanced rules.

  • ALERT - Permit the request to go through but send an alert to the logs.

  • BLOCK - Disallow the request. If this is specified, additional handling details are provided in the rule's BlockResponse setting.

iv_blockresponse TYPE /AWS1/R5RBLOCKRESPONSE /AWS1/R5RBLOCKRESPONSE

The way that you want DNS Firewall to block the request. Used for the rule action setting BLOCK.

  • NODATA - Respond indicating that the query was successful, but no response is available for it.

  • NXDOMAIN - Respond indicating that the domain name that's in the query doesn't exist.

  • OVERRIDE - Provide a custom override in the response. This option requires custom handling details in the rule's BlockOverride* settings.

iv_blockoverridedomain TYPE /AWS1/R5RBLOCKOVERRIDEDOMAIN /AWS1/R5RBLOCKOVERRIDEDOMAIN

The custom DNS record to send back in response to the query. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

iv_blockoverridednstype TYPE /AWS1/R5RBLOCKOVERRIDEDNSTYPE /AWS1/R5RBLOCKOVERRIDEDNSTYPE

The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

iv_blockoverridettl TYPE /AWS1/R5RUNSIGNED /AWS1/R5RUNSIGNED

The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

iv_creatorrequestid TYPE /AWS1/R5RCREATORREQUESTID /AWS1/R5RCREATORREQUESTID

A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of executing the operation twice. This can be any unique string, for example, a timestamp.

iv_creationtime TYPE /AWS1/R5RRFC3339TIMESTRING /AWS1/R5RRFC3339TIMESTRING

The date and time that the rule was created, in Unix time format and Coordinated Universal Time (UTC).

iv_modificationtime TYPE /AWS1/R5RRFC3339TIMESTRING /AWS1/R5RRFC3339TIMESTRING

The date and time that the rule was last modified, in Unix time format and Coordinated Universal Time (UTC).

iv_firewalldomainrediraction TYPE /AWS1/R5RFIREWALLDOMREDIRACT /AWS1/R5RFIREWALLDOMREDIRACT

How you want the the rule to evaluate DNS redirection in the DNS redirection chain, such as CNAME or DNAME.

INSPECT_REDIRECTION_DOMAIN: (Default) inspects all domains in the redirection chain. The individual domains in the redirection chain must be added to the domain list.

TRUST_REDIRECTION_DOMAIN: Inspects only the first domain in the redirection chain. You don't need to add the subsequent domains in the domain in the redirection list to the domain list.

iv_qtype TYPE /AWS1/R5RQTYPE /AWS1/R5RQTYPE

The DNS query type you want the rule to evaluate. Allowed values are;

  • A: Returns an IPv4 address.

  • AAAA: Returns an Ipv6 address.

  • CAA: Restricts CAs that can create SSL/TLS certifications for the domain.

  • CNAME: Returns another domain name.

  • DS: Record that identifies the DNSSEC signing key of a delegated zone.

  • MX: Specifies mail servers.

  • NAPTR: Regular-expression-based rewriting of domain names.

  • NS: Authoritative name servers.

  • PTR: Maps an IP address to a domain name.

  • SOA: Start of authority record for the zone.

  • SPF: Lists the servers authorized to send emails from a domain.

  • SRV: Application specific values that identify servers.

  • TXT: Verifies email senders and application-specific values.

  • A query type you define by using the DNS type ID, for example 28 for AAAA. The values must be defined as TYPENUMBER, where the NUMBER can be 1-65534, for example, TYPE28. For more information, see List of DNS record types.

iv_dnsthreatprotection TYPE /AWS1/R5RDNSTHREATPROTECTION /AWS1/R5RDNSTHREATPROTECTION

The type of the DNS Firewall Advanced rule. Valid values are:

  • DGA: Domain generation algorithms detection. DGAs are used by attackers to generate a large number of domains to to launch malware attacks.

  • DNS_TUNNELING: DNS tunneling detection. DNS tunneling is used by attackers to exfiltrate data from the client by using the DNS tunnel without making a network connection to the client.

iv_confidencethreshold TYPE /AWS1/R5RCONFIDENCETHRESHOLD /AWS1/R5RCONFIDENCETHRESHOLD

The confidence threshold for DNS Firewall Advanced. You must provide this value when you create a DNS Firewall Advanced rule. The confidence level values mean:

  • LOW: Provides the highest detection rate for threats, but also increases false positives.

  • MEDIUM: Provides a balance between detecting threats and false positives.

  • HIGH: Detects only the most well corroborated threats with a low rate of false positives.

io_firewallruletype TYPE REF TO /AWS1/CL_R5RFIREWALLRULETYPE /AWS1/CL_R5RFIREWALLRULETYPE

The rule type configuration for the firewall rule. Exactly one member of this union should be set.

Queryable Attributes

FirewallRuleGroupId

The unique identifier of the Firewall rule group of the rule.

Accessible with the following methods

Method Description
GET_FIREWALLRULEGROUPID() Getter for FIREWALLRULEGROUPID, with configurable default
ASK_FIREWALLRULEGROUPID() Getter for FIREWALLRULEGROUPID w/ exceptions if field has no
HAS_FIREWALLRULEGROUPID() Determine if FIREWALLRULEGROUPID has a value

FirewallDomainListId

The ID of the domain list that's used in the rule.

Accessible with the following methods

Method Description
GET_FIREWALLDOMAINLISTID() Getter for FIREWALLDOMAINLISTID, with configurable default
ASK_FIREWALLDOMAINLISTID() Getter for FIREWALLDOMAINLISTID w/ exceptions if field has n
HAS_FIREWALLDOMAINLISTID() Determine if FIREWALLDOMAINLISTID has a value

FirewallThreatProtectionId

ID of the DNS Firewall Advanced rule.

Accessible with the following methods

Method Description
GET_FIREWALLTHREATPROTECTI00() Getter for FIREWALLTHREATPROTECTIONID, with configurable def
ASK_FIREWALLTHREATPROTECTI00() Getter for FIREWALLTHREATPROTECTIONID w/ exceptions if field
HAS_FIREWALLTHREATPROTECTI00() Determine if FIREWALLTHREATPROTECTIONID has a value

Name

The name of the rule.

Accessible with the following methods

Method Description
GET_NAME() Getter for NAME, with configurable default
ASK_NAME() Getter for NAME w/ exceptions if field has no value
HAS_NAME() Determine if NAME has a value

Priority

The priority of the rule in the rule group. This value must be unique within the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.

Accessible with the following methods

Method Description
GET_PRIORITY() Getter for PRIORITY, with configurable default
ASK_PRIORITY() Getter for PRIORITY w/ exceptions if field has no value
HAS_PRIORITY() Determine if PRIORITY has a value

Action

The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list, or a threat in a DNS Firewall Advanced rule:

  • ALLOW - Permit the request to go through. Not available for DNS Firewall Advanced rules.

  • ALERT - Permit the request to go through but send an alert to the logs.

  • BLOCK - Disallow the request. If this is specified, additional handling details are provided in the rule's BlockResponse setting.

Accessible with the following methods

Method Description
GET_ACTION() Getter for ACTION, with configurable default
ASK_ACTION() Getter for ACTION w/ exceptions if field has no value
HAS_ACTION() Determine if ACTION has a value

BlockResponse

The way that you want DNS Firewall to block the request. Used for the rule action setting BLOCK.

  • NODATA - Respond indicating that the query was successful, but no response is available for it.

  • NXDOMAIN - Respond indicating that the domain name that's in the query doesn't exist.

  • OVERRIDE - Provide a custom override in the response. This option requires custom handling details in the rule's BlockOverride* settings.

Accessible with the following methods

Method Description
GET_BLOCKRESPONSE() Getter for BLOCKRESPONSE, with configurable default
ASK_BLOCKRESPONSE() Getter for BLOCKRESPONSE w/ exceptions if field has no value
HAS_BLOCKRESPONSE() Determine if BLOCKRESPONSE has a value

BlockOverrideDomain

The custom DNS record to send back in response to the query. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

Accessible with the following methods

Method Description
GET_BLOCKOVERRIDEDOMAIN() Getter for BLOCKOVERRIDEDOMAIN, with configurable default
ASK_BLOCKOVERRIDEDOMAIN() Getter for BLOCKOVERRIDEDOMAIN w/ exceptions if field has no
HAS_BLOCKOVERRIDEDOMAIN() Determine if BLOCKOVERRIDEDOMAIN has a value

BlockOverrideDnsType

The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

Accessible with the following methods

Method Description
GET_BLOCKOVERRIDEDNSTYPE() Getter for BLOCKOVERRIDEDNSTYPE, with configurable default
ASK_BLOCKOVERRIDEDNSTYPE() Getter for BLOCKOVERRIDEDNSTYPE w/ exceptions if field has n
HAS_BLOCKOVERRIDEDNSTYPE() Determine if BLOCKOVERRIDEDNSTYPE has a value

BlockOverrideTtl

The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

Accessible with the following methods

Method Description
GET_BLOCKOVERRIDETTL() Getter for BLOCKOVERRIDETTL, with configurable default
ASK_BLOCKOVERRIDETTL() Getter for BLOCKOVERRIDETTL w/ exceptions if field has no va
HAS_BLOCKOVERRIDETTL() Determine if BLOCKOVERRIDETTL has a value

CreatorRequestId

A unique string defined by you to identify the request. This allows you to retry failed requests without the risk of executing the operation twice. This can be any unique string, for example, a timestamp.

Accessible with the following methods

Method Description
GET_CREATORREQUESTID() Getter for CREATORREQUESTID, with configurable default
ASK_CREATORREQUESTID() Getter for CREATORREQUESTID w/ exceptions if field has no va
HAS_CREATORREQUESTID() Determine if CREATORREQUESTID has a value

CreationTime

The date and time that the rule was created, in Unix time format and Coordinated Universal Time (UTC).

Accessible with the following methods

Method Description
GET_CREATIONTIME() Getter for CREATIONTIME, with configurable default
ASK_CREATIONTIME() Getter for CREATIONTIME w/ exceptions if field has no value
HAS_CREATIONTIME() Determine if CREATIONTIME has a value

ModificationTime

The date and time that the rule was last modified, in Unix time format and Coordinated Universal Time (UTC).

Accessible with the following methods

Method Description
GET_MODIFICATIONTIME() Getter for MODIFICATIONTIME, with configurable default
ASK_MODIFICATIONTIME() Getter for MODIFICATIONTIME w/ exceptions if field has no va
HAS_MODIFICATIONTIME() Determine if MODIFICATIONTIME has a value

FirewallDomainRedirectionAction

How you want the the rule to evaluate DNS redirection in the DNS redirection chain, such as CNAME or DNAME.

INSPECT_REDIRECTION_DOMAIN: (Default) inspects all domains in the redirection chain. The individual domains in the redirection chain must be added to the domain list.

TRUST_REDIRECTION_DOMAIN: Inspects only the first domain in the redirection chain. You don't need to add the subsequent domains in the domain in the redirection list to the domain list.

Accessible with the following methods

Method Description
GET_FIREWALLDOMREDIRACTION() Getter for FIREWALLDOMAINREDIRACTION, with configurable defa
ASK_FIREWALLDOMREDIRACTION() Getter for FIREWALLDOMAINREDIRACTION w/ exceptions if field
HAS_FIREWALLDOMREDIRACTION() Determine if FIREWALLDOMAINREDIRACTION has a value

Qtype

The DNS query type you want the rule to evaluate. Allowed values are;

  • A: Returns an IPv4 address.

  • AAAA: Returns an Ipv6 address.

  • CAA: Restricts CAs that can create SSL/TLS certifications for the domain.

  • CNAME: Returns another domain name.

  • DS: Record that identifies the DNSSEC signing key of a delegated zone.

  • MX: Specifies mail servers.

  • NAPTR: Regular-expression-based rewriting of domain names.

  • NS: Authoritative name servers.

  • PTR: Maps an IP address to a domain name.

  • SOA: Start of authority record for the zone.

  • SPF: Lists the servers authorized to send emails from a domain.

  • SRV: Application specific values that identify servers.

  • TXT: Verifies email senders and application-specific values.

  • A query type you define by using the DNS type ID, for example 28 for AAAA. The values must be defined as TYPENUMBER, where the NUMBER can be 1-65534, for example, TYPE28. For more information, see List of DNS record types.

Accessible with the following methods

Method Description
GET_QTYPE() Getter for QTYPE, with configurable default
ASK_QTYPE() Getter for QTYPE w/ exceptions if field has no value
HAS_QTYPE() Determine if QTYPE has a value

DnsThreatProtection

The type of the DNS Firewall Advanced rule. Valid values are:

  • DGA: Domain generation algorithms detection. DGAs are used by attackers to generate a large number of domains to to launch malware attacks.

  • DNS_TUNNELING: DNS tunneling detection. DNS tunneling is used by attackers to exfiltrate data from the client by using the DNS tunnel without making a network connection to the client.

Accessible with the following methods

Method Description
GET_DNSTHREATPROTECTION() Getter for DNSTHREATPROTECTION, with configurable default
ASK_DNSTHREATPROTECTION() Getter for DNSTHREATPROTECTION w/ exceptions if field has no
HAS_DNSTHREATPROTECTION() Determine if DNSTHREATPROTECTION has a value

ConfidenceThreshold

The confidence threshold for DNS Firewall Advanced. You must provide this value when you create a DNS Firewall Advanced rule. The confidence level values mean:

  • LOW: Provides the highest detection rate for threats, but also increases false positives.

  • MEDIUM: Provides a balance between detecting threats and false positives.

  • HIGH: Detects only the most well corroborated threats with a low rate of false positives.

Accessible with the following methods

Method Description
GET_CONFIDENCETHRESHOLD() Getter for CONFIDENCETHRESHOLD, with configurable default
ASK_CONFIDENCETHRESHOLD() Getter for CONFIDENCETHRESHOLD w/ exceptions if field has no
HAS_CONFIDENCETHRESHOLD() Determine if CONFIDENCETHRESHOLD has a value

FirewallRuleType

The rule type configuration for the firewall rule. Exactly one member of this union should be set.

Accessible with the following methods

Method Description
GET_FIREWALLRULETYPE() Getter for FIREWALLRULETYPE

Public Local Types In This Class

Internal table types, representing arrays and maps of this class, are defined as local types:

TT_FIREWALLRULES

TYPES TT_FIREWALLRULES TYPE STANDARD TABLE OF REF TO /AWS1/CL_R5RFIREWALLRULE WITH DEFAULT KEY
.