1개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
You could look into using suricata based rules like this example for domain filtering.
You could also do it with 5-tuple settings being constantly updated by a lambda function that checks the IP for a domain and updates the Network Firewall Rule
답변함 일 년 전
Hi Pablo, thanks for the response. I am keeping 5-tuple/lambda option as a last resort.
Are you able to help with a Suricata based rule for my example (pasted again below)? I am not sure how to use/pass port details. Or point me to any examples. The link which you have posted above (which I had seen) doesn't provide this information
Source - IP address of an EC2 (x.x.x.x/32) Destination domain: .example.com Destination port range: 5661-5662 Type of rule: ALLOW
관련 콘텐츠
AWS 공식업데이트됨 10달 전
Can you please add a the purpose behind this, asking so as to be able to recommend in a better way.
HI there, I might be able to help you here. Can you confirm if the traffic or packets are HTTP-based? Doesn't matter if its not going through standard ports as Suricata is able to inspect packets up to Layer 7. If it's not HTTP, which protocol is it using to establish the connection? Thanks, Carlos