class AWS::EC2::NetworkACL::Entry
Represents a single entry (rule) for an EC2
network ACL.
Attributes
@return [:allow,:deny] Whether to allow or deny the traffic that
matches the rule.
@return [String] The network range to allow or deny, in CIDR notation.
@return [Boolean] Indicates whether the rule is an egress rule (rule is
applied to traffic leaving the subnet).
@return [nil,Integer] A value of -1 means all codes for the given
ICMP type. Returns nil unless the protocol is ICMP.
@return [nil,Integer] A value of -1 means all codes for the given
ICMP type. Returns nil unless the protocol is ICMP.
@return [Boolean] Indicates whether the rule is an ingress rule (rule is
applied to traffic entering the subnet).
@return [NetworkACL]
@return [nil,Range<Integer>] For the TCP or UDP protocols, the range
of ports the rule applies to.
@return [Integer] Returns the protocol number. A value of -1
means all protocols. See http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml for a list of protocol numbers to names.
@return [Integer]
Public Class Methods
# File lib/aws/ec2/network_acl/entry.rb, line 21
def initialize network_acl, details
  @network_acl = network_acl
  @rule_number = details[:rule_number]
  @protocol = details[:protocol].to_i
  @action = details[:rule_action].to_sym
  @egress = details[:egress]
  @ingress = !@egress
  @cidr_block = details[:cidr_block]
  if type_code = details[:icmp_type_code]
    @icmp_type = type_code[:type]
    @icmp_code = type_code[:code]
  end
  if range = details[:port_range]
    @port_range = (range[:from]..range[:to])
  end
end
Public Instance Methods
@return [Boolean] Returns true if traffic matching this rule
is allowed.
# File lib/aws/ec2/network_acl/entry.rb, line 79
def allow?
  @action == :allow
end
Deletes the current network ACL entry.
@return [nil]
# File lib/aws/ec2/network_acl/entry.rb, line 139
def delete
  network_acl.delete_entry(egress? ? :egress : :ingress, rule_number)
end
@return [Boolean] Returns true if traffic matching this rule
is denied.
# File lib/aws/ec2/network_acl/entry.rb, line 85
def deny?
  @action == :deny
end
@return [Boolean] Returns true if the rule is applied to traffic
leaving the subnet.
# File lib/aws/ec2/network_acl/entry.rb, line 97
def egress?
  @egress
end
@return [Boolean] Returns true if the rule is applied to traffic
entering the subnet.
# File lib/aws/ec2/network_acl/entry.rb, line 91
def ingress?
  @ingress
end
Replaces the current network ACL entry with the options passed.
@param [Hash] options
@option options [required,:allow,:deny] :rule_action Whether to
allow or deny traffic that matches the rule.
@option options [required,Integer] :protocol IP protocol the rule
applies to. You can use -1 to mean all protocols. You can see a list of
supported protocol numbers here: http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml
@option options [required,String] :cidr_block The CIDR range to
allow or deny, in CIDR notation (e.g., 172.16.0.0/24).
@option options [Boolean] :egress (false)
Whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).
@option options [Range<Integer>] :port_range A numeric range
of ports. Required if specifying TCP (6) or UDP (17) for the :protocol.
@option options [Integer] :icmp_code For the ICMP protocol, the
ICMP code. You can use -1 to specify all ICMP codes for the given ICMP type.
@option options [Integer] :icmp_type For the ICMP protocol,
the ICMP type. You can use -1 to specify all ICMP types.
@return [nil]
# File lib/aws/ec2/network_acl/entry.rb, line 133
def replace options = {}
  network_acl.replace_entry(options.merge(:rule_number => rule_number))
end
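How the documented fields combine when a packet is checked against a set of entries, as an added example that is not part of the AWS SDK or of this page's source. It works offline on plain hashes shaped like the details hash that initialize reads; SAMPLE_RULES, rule_matches? and verdict are hypothetical names, and the sample rules are constructed. It assumes network ACL semantics of lowest rule number first, first match wins, and deny when nothing matches, and it does not match ICMP type or code.

```ruby
require 'ipaddr'

# Constructed sample rules, shaped like the details hash Entry#initialize reads.
SAMPLE_RULES = [
  { rule_number: 90,  protocol: '6',  rule_action: 'deny',  egress: false,
    cidr_block: '198.51.100.0/24', port_range: { from: 22, to: 22 } },
  { rule_number: 100, protocol: '6',  rule_action: 'allow', egress: false,
    cidr_block: '0.0.0.0/0', port_range: { from: 22, to: 22 } },
  { rule_number: 110, protocol: '6',  rule_action: 'allow', egress: false,
    cidr_block: '0.0.0.0/0', port_range: { from: 443, to: 443 } },
  { rule_number: 100, protocol: '-1', rule_action: 'allow', egress: true,
    cidr_block: '0.0.0.0/0' }
].freeze

# True if the rule covers this packet. peer_ip is the source address for
# ingress traffic and the destination address for egress traffic.
def rule_matches?(rule, egress, peer_ip, protocol, port)
  return false unless !!rule[:egress] == egress
  return false unless IPAddr.new(rule[:cidr_block]).include?(IPAddr.new(peer_ip))
  rule_proto = rule[:protocol].to_i
  return true if rule_proto == -1            # -1 means all protocols
  return false unless rule_proto == protocol
  range = rule[:port_range]                  # only set for TCP (6) / UDP (17)
  range.nil? || (range[:from]..range[:to]).cover?(port)
end

# Returns [action, rule_number] of the first matching rule in ascending
# rule-number order, or [:deny, nil] when no rule matches.
def verdict(rules, egress:, peer_ip:, protocol:, port:)
  hit = rules.sort_by { |r| r[:rule_number] }
             .find { |r| rule_matches?(r, egress, peer_ip, protocol, port) }
  hit ? [hit[:rule_action].to_sym, hit[:rule_number]] : [:deny, nil]
end
```

Running verdict for port 22 from an arbitrary public address shows whether a broad allow entry such as rule 100 is what actually admits the traffic, or whether a lower-numbered deny such as rule 90 takes effect first.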