1 Risposta
- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
0
You could look into using suricata based rules like this example for domain filtering.
You could also do it with 5-tuple settings being constantly updated by a lambda function that checks the IP for a domain and updates the Network Firewall Rule
con risposta un anno fa
Hi Pablo, thanks for the response. I am keeping 5-tuple/lambda option as a last resort.
Are you able to help with a Suricata based rule for my example (pasted again below)? I am not sure how to use/pass port details. Or point me to any examples. The link which you have posted above (which I had seen) doesn't provide this information
Source - IP address of an EC2 (x.x.x.x/32) Destination domain: .example.com Destination port range: 5661-5662 Type of rule: ALLOW
Contenuto pertinente
- AWS UFFICIALEAggiornata un anno fa
- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata un anno fa
- AWS UFFICIALEAggiornata 10 mesi fa
Can you please add a the purpose behind this, asking so as to be able to recommend in a better way.
HI there, I might be able to help you here. Can you confirm if the traffic or packets are HTTP-based? Doesn't matter if its not going through standard ports as Suricata is able to inspect packets up to Layer 7. If it's not HTTP, which protocol is it using to establish the connection? Thanks, Carlos