1 Answer
You could look into using Suricata-based rules like this example for domain filtering.
You could also do it with 5-tuple settings being constantly updated by a Lambda function that checks the IP for a domain and updates the Network Firewall rule.
answered a year ago
Hi Pablo, thanks for the response. I am keeping the 5-tuple/Lambda option as a last resort.
Are you able to help with a Suricata-based rule for my example (pasted again below)? I am not sure how to use/pass port details. Or point me to any examples. The link which you have posted above (which I had seen) doesn't provide this information.
- Source: IP address of an EC2 (x.x.x.x/32)
- Destination domain: .example.com
- Destination port range: 5661-5662
- Type of rule: ALLOW
Can you please add the purpose behind this? Asking so as to be able to recommend in a better way.
Hi there, I might be able to help you here. Can you confirm if the traffic or packets are HTTP-based? Doesn't matter if it's not going through standard ports as Suricata is able to inspect packets up to Layer 7. If it's not HTTP, which protocol is it using to establish the connection? Thanks, Carlos
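An added example, not written by any of the posters above, of how the port range from the question can be expressed in Suricata rule syntax. It assumes the connection is either TLS with an SNI field or plain HTTP; 10.0.0.10 is a constructed stand-in for the EC2 address, and the `sid` values and `msg` strings are made up.

```suricata
# Rule header layout: action proto src_ip src_port -> dst_ip dst_port (options)
# The destination port range 5661-5662 is written as [5661:5662].
# Protocol detection is by content, not by port, so the tls and http
# keywords still match on these non-standard ports.

# Case 1 (assumption): traffic is TLS and the client sends SNI.
# dotprefix prepends "." to the SNI, so ".example.com" with endswith
# matches example.com and any subdomain, but not notexample.com.
pass tls 10.0.0.10/32 any -> any [5661:5662] (tls.sni; dotprefix; content:".example.com"; nocase; endswith; flow:to_server; msg:"Allow TLS to .example.com on 5661-5662"; sid:1000001; rev:1;)

# Case 2 (assumption): traffic is plain HTTP; match on the Host header.
pass http 10.0.0.10/32 any -> any [5661:5662] (http.host; dotprefix; content:".example.com"; endswith; flow:to_server; msg:"Allow HTTP to .example.com on 5661-5662"; sid:1000002; rev:1;)
```

These rules only permit matching flows; other traffic on those ports is blocked only if the firewall policy also has a drop rule or a drop default action. If the protocol carries no hostname on the wire, a domain match is not possible and the rule has to fall back to IP and port.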