import * as cdk from 'aws-cdk-lib';
import { aws_networkfirewall as firewall } from 'aws-cdk-lib';
import * as constructs from 'constructs';
export declare enum StatelessActions {
    PASS = "aws:pass",
    DROP = "aws:drop",
    STATEFUL = "aws:forward_to_sfe"
}
export declare enum StatefulDefaultActions {
    DROP_STRICT = "aws:drop_strict",
    DROP_ESTABLISHED = "aws:drop_established",
    ALERT_STRICT = "aws:alert_strict",
    ALERT_ESTABLISHED = "aws:alert_established"
}
export declare enum ManagedAwsFirewallRules {
    ABUSED_LEGIT_MALWARE_DOMAINS_ACTION_ORDER = "AbusedLegitMalwareDomainsActionOrder",
    ABUSED_LEGIT_BOTNET_COMMAND_AND_CONTROL_DOMAINS_ACTION_ORDER = "AbusedLegitBotNetCommandAndControlDomainsActionOrder",
    MALWARE_DOMAINS_ACTION_ORDER = "MalwareDomainsActionOrder",
    BOTNET_COMMAND_AND_CONTROL_DOMAINS_ACTION_ORDER = "BotNetCommandAndControlDomainsActionOrder",
    THREAT_SIGNATURES_BOTNET_ACTION_ORDER = "ThreatSignaturesBotnetActionOrder",
    THREAT_SIGNATURES_BOTNET_WEB_ACTION_ORDER = "ThreatSignaturesBotnetWebActionOrder",
    THREAT_SIGNATURES_BOTNET_WINDOWS_ACTION_ODER = "ThreatSignaturesBotnetWindowsActionOrder",
    THREAT_SIGNATURES_DOS_ACTION_ORDER = "ThreatSignaturesDoSActionOrder",
    THREAT_SIGNATURES_EMERGING_EVENTS_ACTION_ORDER = "ThreatSignaturesEmergingEventsActionOrder",
    THREAT_SIGNATURES_EXPLOITS_ACTION_ORDER = "ThreatSignaturesExploitsActionOrder",
    THREAT_SIGNATURES_FUP_ACTION_ORDER = "ThreatSignaturesFUPActionOrder",
    THREAT_SIGNATURES_IOC_ACTION_ORDER = "ThreatSignaturesIOCActionOrder",
    THREAT_SIGNATURES_MALWARE_ACTION_ORDER = "ThreatSignaturesMalwareActionOrder",
    THREAT_SIGNATURES_MALWARE_COIN_MINING_ACTION_ORDER = "ThreatSignaturesMalwareCoinminingActionOrder",
    THREAT_SIGNATURES_MAWLARE_WEB_ACTION_ORDER = "ThreatSignaturesMalwareWebActionOrder",
    THREAT_SIGNATURES_MALWARE_MOBILE_ACTION_ORDER = "ThreatSignaturesMalwareMobileActionOrder",
    THREAT_SIGNATURES_PHISHING_ACTION_ORDER = "ThreatSignaturesPhishingActionOrder",
    THREAT_SIGNATURES_SCANNERS_ACTION_ORDER = "ThreatSignaturesScannersActionOrder",
    THREAT_SIGNATURES_SUSPECT_ACTION_ORDER = "ThreatSignaturesSuspectActionOrder",
    THREAT_SIGNATURES_WEB_ATTACKS_ACTION_ORDER = "ThreatSignaturesWebAttacksActionOrder"
}
export interface AddStatefulRulesProps {
    readonly awsManagedRules: ManagedAwsFirewallRules[];
}
export interface IFirewallPolicyProperty {
    statefulDefaultActions?: string[];
    statefulEngineOptions?: firewall.CfnFirewallPolicy.StatefulEngineOptionsProperty | cdk.IResolvable;
    statefulRuleGroupReferences?: Array<firewall.CfnFirewallPolicy.StatefulRuleGroupReferenceProperty>;
    statelessCustomActions?: Array<firewall.CfnFirewallPolicy.CustomActionProperty | cdk.IResolvable> | cdk.IResolvable;
    statelessDefaultActions: string[];
    statelessFragmentDefaultActions: string[];
    statelessRuleGroupReferences?: Array<firewall.CfnFirewallPolicy.StatelessRuleGroupReferenceProperty | cdk.IResolvable> | cdk.IResolvable;
}
export declare enum RuleGroupType {
    STATEFUL = "STATEFUL",
    STATELESS = "STATELESS"
}
export declare enum Protocol {
    ICMP = 1,
    TCP = 6,
    UDP = 17
}
export declare enum WellKnownPorts {
    SSH = 22,
    HTTP = 80,
    HTTPS = 443,
    RDP = 3389
}
export interface StatelessRuleProps {
    readonly actions: StatelessActions[];
    readonly priority: number;
    readonly destinationPorts?: undefined | (string | number | WellKnownPorts)[];
    readonly destinations?: undefined | firewall.CfnRuleGroup.AddressProperty[];
    readonly protocols?: undefined | Protocol[];
    readonly sourcePorts?: undefined | (string | number)[];
    readonly sources?: undefined | firewall.CfnRuleGroup.AddressProperty[];
    readonly tcpFlags?: undefined | firewall.CfnRuleGroup.TCPFlagFieldProperty[];
}
export interface FirewallPolicyProps {
    readonly policyName: string;
    readonly statelessDefaultActions: StatelessActions[];
    readonly statelessFragmentDefaultActions: StatelessActions[];
    readonly statefulEngineOptions?: undefined | firewall.CfnFirewallPolicy.StatefulEngineOptionsProperty;
}
export interface AddStatelessRulesProps {
    readonly groupName: string;
    readonly rules: firewall.CfnRuleGroup.StatelessRuleProperty[];
    readonly description: string;
}
export declare class FirewallPolicy extends constructs.Construct {
    policy: IFirewallPolicyProperty;
    readonly firewallpolicy: firewall.CfnFirewallPolicy;
    constructor(scope: constructs.Construct, id: string, props: FirewallPolicyProps);
    addManagedStatefulRules(props: AddStatefulRulesProps): void;
    addStatelessRuleGroup(props: AddStatelessRulesProps): void;
}
export declare class StatelessRule {
    readonly statelessRuleProperty: firewall.CfnRuleGroup.StatelessRuleProperty;
    constructor(props: StatelessRuleProps);
}