Skip to content

/AWS1/CL_R5RUPDFWALLRULEENTRY

The details for updating a single firewall rule in a batch operation.

CONSTRUCTOR

IMPORTING

Required arguments:

iv_firewallrulegroupid TYPE /AWS1/R5RRESOURCEID /AWS1/R5RRESOURCEID

The unique identifier of the firewall rule group for the rule.

Optional arguments:

iv_firewalldomainlistid TYPE /AWS1/R5RRESOURCEID /AWS1/R5RRESOURCEID

The ID of the domain list to use in the rule. This setting is mutually exclusive with DnsThreatProtection and FirewallRuleType.

iv_firewallthreatprotectio00 TYPE /AWS1/R5RRESOURCEID /AWS1/R5RRESOURCEID

The ID of the DNS Firewall Advanced rule.

iv_priority TYPE /AWS1/R5RPRIORITY /AWS1/R5RPRIORITY

The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.

iv_action TYPE /AWS1/R5RACTION /AWS1/R5RACTION

The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list, or a threat in a DNS Firewall Advanced rule:

  • ALLOW - Permit the request to go through. Not available for DNS Firewall Advanced rules.

  • ALERT - Permit the request and send metrics and logs to CloudWatch.

  • BLOCK - Disallow the request. This option requires additional details in the rule's BlockResponse.

iv_blockresponse TYPE /AWS1/R5RBLOCKRESPONSE /AWS1/R5RBLOCKRESPONSE

The way that you want DNS Firewall to block the request, used with the rule action setting BLOCK.

  • NODATA - Respond indicating that the query was successful, but no response is available for it.

  • NXDOMAIN - Respond indicating that the domain name that's in the query doesn't exist.

  • OVERRIDE - Provide a custom override in the response. This option requires custom handling details in the rule's BlockOverride* settings.

iv_blockoverridedomain TYPE /AWS1/R5RBLOCKOVERRIDEDOMAIN /AWS1/R5RBLOCKOVERRIDEDOMAIN

The custom DNS record to send back in response to the query. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

iv_blockoverridednstype TYPE /AWS1/R5RBLOCKOVERRIDEDNSTYPE /AWS1/R5RBLOCKOVERRIDEDNSTYPE

The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

iv_blockoverridettl TYPE /AWS1/R5RBLOCKOVERRIDETTL /AWS1/R5RBLOCKOVERRIDETTL

The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

This setting is required if the BlockResponse setting is OVERRIDE.

iv_name TYPE /AWS1/R5RNAME /AWS1/R5RNAME

The name of the rule.

iv_firewalldomainrediraction TYPE /AWS1/R5RFIREWALLDOMREDIRACT /AWS1/R5RFIREWALLDOMREDIRACT

How you want the rule to evaluate DNS redirection in the DNS redirection chain, such as CNAME or DNAME.

INSPECT_REDIRECTION_DOMAIN: (Default) inspects all domains in the redirection chain. The individual domains in the redirection chain must be added to the domain list.

TRUST_REDIRECTION_DOMAIN: Inspects only the first domain in the redirection chain. You don't need to add the subsequent domains in the redirection list to the domain list.

iv_qtype TYPE /AWS1/R5RQTYPE /AWS1/R5RQTYPE

The DNS query type you want the rule to evaluate. Allowed values are:

  • A: Returns an IPv4 address.

  • AAAA: Returns an IPv6 address.

  • CAA: Restricts CAs that can create SSL/TLS certifications for the domain.

  • CNAME: Returns another domain name.

  • DS: Record that identifies the DNSSEC signing key of a delegated zone.

  • MX: Specifies mail servers.

  • NAPTR: Regular-expression-based rewriting of domain names.

  • NS: Authoritative name servers.

  • PTR: Maps an IP address to a domain name.

  • SOA: Start of authority record for the zone.

  • SPF: Lists the servers authorized to send emails from a domain.

  • SRV: Application specific values that identify servers.

  • TXT: Verifies email senders and application-specific values.

  • A query type you define by using the DNS type ID, for example 28 for AAAA. The values must be defined as TYPENUMBER, where the NUMBER can be 1-65534, for example, TYPE28. For more information, see List of DNS record types.

iv_dnsthreatprotection TYPE /AWS1/R5RDNSTHREATPROTECTION /AWS1/R5RDNSTHREATPROTECTION

The type of the DNS Firewall Advanced rule. This setting is mutually exclusive with FirewallDomainListId and FirewallRuleType. Valid values are:

  • DGA: Domain generation algorithms detection. DGAs are used by attackers to generate a large number of domains to launch malware attacks.

  • DNS_TUNNELING: DNS tunneling detection. DNS tunneling is used by attackers to exfiltrate data from the client by using the DNS tunnel without making a network connection to the client.

  • DICT_DGA: Dictionary-based domain generation algorithms detection. Dictionary DGAs use wordlists to generate domains that appear more legitimate, making them harder to detect than traditional DGAs.

iv_confidencethreshold TYPE /AWS1/R5RCONFIDENCETHRESHOLD /AWS1/R5RCONFIDENCETHRESHOLD

The confidence threshold for DNS Firewall Advanced. You must provide this value when you create or update a DNS Firewall Advanced rule. The confidence level values mean:

  • LOW: Provides the highest detection rate for threats, but also increases false positives.

  • MEDIUM: Provides a balance between detecting threats and false positives.

  • HIGH: Detects only the most well corroborated threats with a low rate of false positives.

io_firewallruletype TYPE REF TO /AWS1/CL_R5RFIREWALLRULETYPE /AWS1/CL_R5RFIREWALLRULETYPE

The rule type configuration for the firewall rule. This setting is mutually exclusive with the top-level FirewallDomainListId and DnsThreatProtection fields.

Queryable Attributes

FirewallRuleGroupId

The unique identifier of the firewall rule group for the rule.

Accessible with the following methods

Method Description
GET_FIREWALLRULEGROUPID() Getter for FIREWALLRULEGROUPID, with configurable default
ASK_FIREWALLRULEGROUPID() Getter for FIREWALLRULEGROUPID w/ exceptions if field has no
HAS_FIREWALLRULEGROUPID() Determine if FIREWALLRULEGROUPID has a value

FirewallDomainListId

The ID of the domain list to use in the rule. This setting is mutually exclusive with DnsThreatProtection and FirewallRuleType.

Accessible with the following methods

Method Description
GET_FIREWALLDOMAINLISTID() Getter for FIREWALLDOMAINLISTID, with configurable default
ASK_FIREWALLDOMAINLISTID() Getter for FIREWALLDOMAINLISTID w/ exceptions if field has n
HAS_FIREWALLDOMAINLISTID() Determine if FIREWALLDOMAINLISTID has a value

FirewallThreatProtectionId

The ID of the DNS Firewall Advanced rule.

Accessible with the following methods

Method Description
GET_FIREWALLTHREATPROTECTI00() Getter for FIREWALLTHREATPROTECTIONID, with configurable def
ASK_FIREWALLTHREATPROTECTI00() Getter for FIREWALLTHREATPROTECTIONID w/ exceptions if field
HAS_FIREWALLTHREATPROTECTI00() Determine if FIREWALLTHREATPROTECTIONID has a value

Priority

The setting that determines the processing order of the rule in the rule group. DNS Firewall processes the rules in a rule group by order of priority, starting from the lowest setting.

Accessible with the following methods

Method Description
GET_PRIORITY() Getter for PRIORITY, with configurable default
ASK_PRIORITY() Getter for PRIORITY w/ exceptions if field has no value
HAS_PRIORITY() Determine if PRIORITY has a value

Action

The action that DNS Firewall should take on a DNS query when it matches one of the domains in the rule's domain list, or a threat in a DNS Firewall Advanced rule:

  • ALLOW - Permit the request to go through. Not available for DNS Firewall Advanced rules.

  • ALERT - Permit the request and send metrics and logs to CloudWatch.

  • BLOCK - Disallow the request. This option requires additional details in the rule's BlockResponse.

Accessible with the following methods

Method Description
GET_ACTION() Getter for ACTION, with configurable default
ASK_ACTION() Getter for ACTION w/ exceptions if field has no value
HAS_ACTION() Determine if ACTION has a value

BlockResponse

The way that you want DNS Firewall to block the request, used with the rule action setting BLOCK.

  • NODATA - Respond indicating that the query was successful, but no response is available for it.

  • NXDOMAIN - Respond indicating that the domain name that's in the query doesn't exist.

  • OVERRIDE - Provide a custom override in the response. This option requires custom handling details in the rule's BlockOverride* settings.

Accessible with the following methods

Method Description
GET_BLOCKRESPONSE() Getter for BLOCKRESPONSE, with configurable default
ASK_BLOCKRESPONSE() Getter for BLOCKRESPONSE w/ exceptions if field has no value
HAS_BLOCKRESPONSE() Determine if BLOCKRESPONSE has a value

BlockOverrideDomain

The custom DNS record to send back in response to the query. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

Accessible with the following methods

Method Description
GET_BLOCKOVERRIDEDOMAIN() Getter for BLOCKOVERRIDEDOMAIN, with configurable default
ASK_BLOCKOVERRIDEDOMAIN() Getter for BLOCKOVERRIDEDOMAIN w/ exceptions if field has no
HAS_BLOCKOVERRIDEDOMAIN() Determine if BLOCKOVERRIDEDOMAIN has a value

BlockOverrideDnsType

The DNS record's type. This determines the format of the record value that you provided in BlockOverrideDomain. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

Accessible with the following methods

Method Description
GET_BLOCKOVERRIDEDNSTYPE() Getter for BLOCKOVERRIDEDNSTYPE, with configurable default
ASK_BLOCKOVERRIDEDNSTYPE() Getter for BLOCKOVERRIDEDNSTYPE w/ exceptions if field has n
HAS_BLOCKOVERRIDEDNSTYPE() Determine if BLOCKOVERRIDEDNSTYPE has a value

BlockOverrideTtl

The recommended amount of time, in seconds, for the DNS resolver or web browser to cache the provided override record. Used for the rule action BLOCK with a BlockResponse setting of OVERRIDE.

This setting is required if the BlockResponse setting is OVERRIDE.

Accessible with the following methods

Method Description
GET_BLOCKOVERRIDETTL() Getter for BLOCKOVERRIDETTL, with configurable default
ASK_BLOCKOVERRIDETTL() Getter for BLOCKOVERRIDETTL w/ exceptions if field has no va
HAS_BLOCKOVERRIDETTL() Determine if BLOCKOVERRIDETTL has a value

Name

The name of the rule.

Accessible with the following methods

Method Description
GET_NAME() Getter for NAME, with configurable default
ASK_NAME() Getter for NAME w/ exceptions if field has no value
HAS_NAME() Determine if NAME has a value

FirewallDomainRedirectionAction

How you want the rule to evaluate DNS redirection in the DNS redirection chain, such as CNAME or DNAME.

INSPECT_REDIRECTION_DOMAIN: (Default) inspects all domains in the redirection chain. The individual domains in the redirection chain must be added to the domain list.

TRUST_REDIRECTION_DOMAIN: Inspects only the first domain in the redirection chain. You don't need to add the subsequent domains in the redirection list to the domain list.

Accessible with the following methods

Method Description
GET_FIREWALLDOMREDIRACTION() Getter for FIREWALLDOMAINREDIRACTION, with configurable defa
ASK_FIREWALLDOMREDIRACTION() Getter for FIREWALLDOMAINREDIRACTION w/ exceptions if field
HAS_FIREWALLDOMREDIRACTION() Determine if FIREWALLDOMAINREDIRACTION has a value

Qtype

The DNS query type you want the rule to evaluate. Allowed values are:

  • A: Returns an IPv4 address.

  • AAAA: Returns an IPv6 address.

  • CAA: Restricts CAs that can create SSL/TLS certifications for the domain.

  • CNAME: Returns another domain name.

  • DS: Record that identifies the DNSSEC signing key of a delegated zone.

  • MX: Specifies mail servers.

  • NAPTR: Regular-expression-based rewriting of domain names.

  • NS: Authoritative name servers.

  • PTR: Maps an IP address to a domain name.

  • SOA: Start of authority record for the zone.

  • SPF: Lists the servers authorized to send emails from a domain.

  • SRV: Application specific values that identify servers.

  • TXT: Verifies email senders and application-specific values.

  • A query type you define by using the DNS type ID, for example 28 for AAAA. The values must be defined as TYPENUMBER, where the NUMBER can be 1-65534, for example, TYPE28. For more information, see List of DNS record types.

Accessible with the following methods

Method Description
GET_QTYPE() Getter for QTYPE, with configurable default
ASK_QTYPE() Getter for QTYPE w/ exceptions if field has no value
HAS_QTYPE() Determine if QTYPE has a value

DnsThreatProtection

The type of the DNS Firewall Advanced rule. This setting is mutually exclusive with FirewallDomainListId and FirewallRuleType. Valid values are:

  • DGA: Domain generation algorithms detection. DGAs are used by attackers to generate a large number of domains to launch malware attacks.

  • DNS_TUNNELING: DNS tunneling detection. DNS tunneling is used by attackers to exfiltrate data from the client by using the DNS tunnel without making a network connection to the client.

  • DICT_DGA: Dictionary-based domain generation algorithms detection. Dictionary DGAs use wordlists to generate domains that appear more legitimate, making them harder to detect than traditional DGAs.

Accessible with the following methods

Method Description
GET_DNSTHREATPROTECTION() Getter for DNSTHREATPROTECTION, with configurable default
ASK_DNSTHREATPROTECTION() Getter for DNSTHREATPROTECTION w/ exceptions if field has no
HAS_DNSTHREATPROTECTION() Determine if DNSTHREATPROTECTION has a value

ConfidenceThreshold

The confidence threshold for DNS Firewall Advanced. You must provide this value when you create or update a DNS Firewall Advanced rule. The confidence level values mean:

  • LOW: Provides the highest detection rate for threats, but also increases false positives.

  • MEDIUM: Provides a balance between detecting threats and false positives.

  • HIGH: Detects only the most well corroborated threats with a low rate of false positives.

Accessible with the following methods

Method Description
GET_CONFIDENCETHRESHOLD() Getter for CONFIDENCETHRESHOLD, with configurable default
ASK_CONFIDENCETHRESHOLD() Getter for CONFIDENCETHRESHOLD w/ exceptions if field has no
HAS_CONFIDENCETHRESHOLD() Determine if CONFIDENCETHRESHOLD has a value

FirewallRuleType

The rule type configuration for the firewall rule. This setting is mutually exclusive with the top-level FirewallDomainListId and DnsThreatProtection fields.

Accessible with the following methods

Method Description
GET_FIREWALLRULETYPE() Getter for FIREWALLRULETYPE

Public Local Types In This Class

Internal table types, representing arrays and maps of this class, are defined as local types:

TT_UPDATEFIREWALLRULEENTRIES

TYPES TT_UPDATEFIREWALLRULEENTRIES TYPE STANDARD TABLE OF REF TO /AWS1/CL_R5RUPDFWALLRULEENTRY WITH DEFAULT KEY
.