import { aws_ec2 as ec2 } from 'aws-cdk-lib';
import * as constructs from 'constructs';
import { DynamicTagResourceGroup, DynamicTagResourceGroupSet } from './resourceGroups';
import { StatefulRuleDatabase } from './statefuldatabase';
/**
 * Action a stateful rule applies to the traffic it matches.
 * The string values are the Suricata rule action keywords.
 */
export declare enum StatefulAction {
    /**
     * Matching traffic is allowed to pass.
     */
    PASS = "pass",
    /**
     * Matching traffic is dropped silently. Note: for TCP the sender gets no
     * response, so the connection ends in a timeout; consider using REJECT.
     */
    DROP = "drop",
    /**
     * Matching traffic is dropped, and a TCP reset is sent to the source.
     */
    REJECT = "reject",
    /**
     * Raises an alert according to the firewall's logging/alert configuration.
     * NOTE(review): an alert by itself is not a blocking action; confirm what
     * the firewall policy's default action does with traffic that only alerts.
     */
    ALERT = "alert"
}
/**
 * Protocol a rule applies to. The string values are Suricata protocol keywords.
 */
export declare enum FWProtocol {
    TCP = "tcp",
    // NOTE(review): the member name is spelled UPD although its value is "udp".
    // Renaming it would break existing callers, so it is only flagged here.
    UPD = "udp",
    ICMP = "icmp",
    IP = "ip",
    HTTP = "http",
    TLS = "tls"
}
/**
 * Direction operator of a rule. The string values are the Suricata direction
 * operators. The operator only selects which traffic the rule matches; whether
 * that traffic is allowed, dropped or alerted on is decided by the rule's
 * StatefulAction.
 */
export declare enum Direction {
    /**
     * The rule matches traffic from source to destination only.
     */
    OUTBOUND = "->",
    /**
     * The rule matches traffic in both directions.
     * NOTE(review): combined with a PASS action this also covers flows
     * initiated from the destination side; prefer OUTBOUND unless that is
     * intended.
     */
    BOTH = "<>"
}
/**
 * Source or destination address of a rule: a plain string, a PrefixList
 * construct, or a DynamicTagResourceGroup.
 * NOTE(review): the accepted string format is not visible in this file;
 * presumably a Suricata address expression (CIDR, variable or `any`). Confirm.
 */
export declare type SrcDstAddr = string | PrefixList | DynamicTagResourceGroup;
/**
 * Source or destination port of a rule, given as a string.
 * NOTE(review): presumably a Suricata port expression (single port, range or
 * `any`). If address and port strings are interpolated into generated rule
 * text, they should come from trusted configuration only; confirm what
 * validation the implementation performs.
 */
export declare type SrcDstPort = string;
/**
 * Fields common to every Suricata-style rule declared in this module:
 * action, protocol, the two endpoints with their ports, and the direction.
 */
export interface SuricataRuleProps {
    // Name of the rule. How it is used in the generated rule is not visible here.
    readonly name: string;
    // What happens to matching traffic (pass, drop, reject or alert).
    readonly action: StatefulAction;
    // Protocol the rule applies to.
    readonly protocol: FWProtocol;
    // Source address: string, PrefixList or DynamicTagResourceGroup.
    readonly source: SrcDstAddr;
    // Destination address: string, PrefixList or DynamicTagResourceGroup.
    readonly destination: SrcDstAddr;
    // Source port expression.
    readonly srcPort: SrcDstPort;
    // Destination port expression.
    readonly destPort: SrcDstPort;
    // Whether the rule matches source-to-destination only or both directions.
    readonly direction: Direction;
}
/**
 * Properties of an FQDN-based stateful rule: the common rule fields plus the
 * domain name and two optional settings.
 */
export interface FQDNStatefulRuleProps extends SuricataRuleProps {
    // Domain name the rule applies to.
    // NOTE(review): how the name is matched is not visible here. If it is
    // compared with the TLS SNI or the HTTP Host header, those are values the
    // client supplies; confirm against the implementation.
    readonly fqdn: string;
    // Optional priority. Ordering semantics are not shown here; TODO confirm.
    readonly priority?: number | undefined;
    // Optional rule database to associate the rule with.
    readonly rulesDatabase?: StatefulRuleDatabase | undefined;
}
/**
 * ARN and name pair that identifies a prefix list.
 * NOTE(review): presumably the name is the variable under which rules refer to
 * the prefix list; confirm against the implementation.
 */
export interface PrefixListSetInterface {
    readonly arn: string;
    readonly name: string;
}
/**
 * ARN and name pair describing a reference set. It has the same shape as
 * PrefixListSetInterface.
 */
export interface ReferenceSet {
    readonly arn: string;
    readonly name: string;
}
// Module-private alias of PrefixListSetInterface (declared without `export`).
declare type PrefixListSet = PrefixListSetInterface;
/**
 * Construct representing one FQDN-based stateful rule.
 * The public fields are declared without `readonly`, so callers can reassign
 * them after construction.
 */
export declare class FQDNStatefulRule extends constructs.Construct {
    // Identifier of this rule. How it is generated is not visible here.
    uuid: string;
    // Prefix lists associated with the rule. Presumably collected from
    // PrefixList values used as source or destination; TODO confirm.
    prefixListSet: PrefixListSet[];
    // Resource group sets associated with the rule. Presumably collected from
    // DynamicTagResourceGroup values used as source or destination; TODO confirm.
    resourceGroupSets: DynamicTagResourceGroupSet[];
    /**
     * @param scope Parent construct.
     * @param id Construct id within the scope.
     * @param props Rule definition.
     */
    constructor(scope: constructs.Construct, id: string, props: FQDNStatefulRuleProps);
}
/**
 * IP address family of a prefix list.
 */
export declare enum IPAddressFamily {
    IPV4 = "IPv4",
    IPV6 = "IPv6"
}
/**
 * Properties for creating a PrefixList construct.
 */
export interface PrefixListProps {
    // Address family of the entries (IPv4 or IPv6).
    readonly addressFamily: IPAddressFamily;
    // Name of the prefix list.
    readonly prefixListName: string;
    // Maximum number of entries the prefix list may hold.
    readonly maxEntries: number;
}
/**
 * One prefix list entry: a CIDR block and its description.
 */
export interface PrefixListEntry {
    readonly cidr: string;
    readonly description: string;
}
/**
 * Construct wrapping an EC2 managed prefix list (`ec2.CfnPrefixList`). A
 * PrefixList is one of the types accepted as a rule's source or destination
 * address.
 */
export declare class PrefixList extends constructs.Construct {
    // The underlying CloudFormation prefix list resource.
    readonly prefixlist: ec2.CfnPrefixList;
    // ARN of the prefix list.
    readonly prefixlistArn: string;
    // ARN and name pair describing this prefix list.
    readonly prefixListSet: PrefixListSet;
    // Internal entry storage. Its type is not visible in this declaration.
    private entries;
    /**
     * @param scope Parent construct.
     * @param id Construct id within the scope.
     * @param props Address family, name and maximum size of the prefix list.
     */
    constructor(scope: constructs.Construct, id: string, props: PrefixListProps);
    /**
     * Adds an EC2 instance to the prefix list.
     * NOTE(review): which of the instance's addresses is added is not visible
     * here. Because the list can feed firewall rules, confirm that the address
     * used is the intended one.
     *
     * @param props The instance to add. The parameter is an `ec2.Instance`
     * despite being named `props`.
     */
    addEC2Instance(props: ec2.Instance): void;
}
/**
 * Identifies the firewall side that a rule group is attached to.
 */
export interface NWFWRulesEngine {
    // Account of the firewall. Presumably an AWS account id; TODO confirm.
    readonly firewallAccount: string;
    // Database holding the stateful rules.
    readonly rulesDatabase: StatefulRuleDatabase;
}
/**
 * Properties for creating a SuricataRuleGroup.
 */
export interface SuricataRuleGroupProps {
    // Name of the rule group.
    readonly ruleGroupName: string;
    // Optional description.
    readonly description?: string | undefined;
    // Optional initial rules. More can be added later through addRule().
    readonly suricataRules?: FQDNStatefulRule[];
    // Capacity of the rule group.
    // NOTE(review): AWS Network Firewall fixes a rule group's capacity at
    // creation, so size this for expected growth. Confirm that the value is
    // passed through unchanged.
    readonly capacity: number;
    // Firewall account and rule database this group belongs to.
    readonly networkFirewallEngine: NWFWRulesEngine;
}
/**
 * Construct representing a group of Suricata-style stateful rules.
 */
export declare class SuricataRuleGroup extends constructs.Construct {
    // ARN of the rule group. Declared without `readonly`, so it is reassignable.
    ruleGroupArn: string;
    // The private members below expose no types in this declaration; the
    // descriptions are inferred from their names. TODO confirm.
    // Presumably the reference sets used by the group's rules.
    private ruleReferenceSets;
    // Presumably the uuids of the rules in the group.
    private ruleuuidlist;
    // Presumably the StatefulRuleDatabase taken from the props.
    private rulesDatabase;
    // Presumably a custom-resource Lambda function.
    private crLambda;
    /**
     * @param scope Parent construct.
     * @param id Construct id within the scope.
     * @param props Name, capacity, optional initial rules and firewall engine.
     */
    constructor(scope: constructs.Construct, id: string, props: SuricataRuleGroupProps);
    /**
     * Adds a rule to the group from its properties.
     *
     * @param props Definition of the rule to add.
     */
    addRule(props: FQDNStatefulRuleProps): void;
}
export {};
