1개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
Hello!
For the first rule it would look like this:
pass tls any any -> any any (tls.sni; dotprefix; content:".amazonaws.com"; nocase; endswith; flow:to_server, established; sid:123456)
The "dotprefix" option will let you pass all traffic going to subdomains of .amazonaws.com
The sid is just a random number, we recommend at least 6 unique digits for every rule to make it easier when you're searching logs.
For the second rule you would want something like this:
drop udp any any -> any 123 (flow:established; app-layer-protocol:!ntp; sid:123456;)
관련 콘텐츠
- AWS 공식업데이트됨 일 년 전
- AWS 공식업데이트됨 일 년 전