Description
Is your feature request related to a problem? Please describe.
Currently LZA does not support overriding the $HOME_NET variable in the firewall policy. Overriding $HOME_NET is mandatory for firewalls that are deployed in centralized deployment models.
Refer to the AWS doc: https://docs.aws.amazon.com/network-firewall/latest/developerguide/troubleshooting-rules.html
Describe the feature you'd like
The possibility to add a list of CIDRs to override $HOME_NET in the LZA firewall configuration https://awslabs.github.io/landing-zone-accelerator-on-aws/v1.14.2/typedocs/interfaces/packages__aws-accelerator_config_lib_models_network-config.INfwConfig.html
Additional context
Currently we have to manually override the $HOME_NET variable. If we change the Firewall Policy, the LZA pipeline run erases the value of $HOME_NET. If the default action on packets that don't match any rules is set to DROP, all traffic is dropped until we manually override $HOME_NET again.
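As an added example, not from the issue author or the LZA project: a drift check written against the response shape of boto3's describe_firewall_policy, which reports when a policy carries no policy-level $HOME_NET override and which internal CIDRs are left uncovered (the policy documents, spoke CIDRs and policy name are constructed placeholders).

```python
"""Drift check for the policy-level $HOME_NET override on an AWS Network Firewall policy.

The dicts mirror the shape boto3's describe_firewall_policy() returns; the sample
policies and CIDRs are constructed for this example.
"""
import ipaddress


def home_net_override(policy_response: dict) -> list[str]:
    """CIDRs set as the policy-level HOME_NET variable, or [] when none is set."""
    policy = policy_response.get("FirewallPolicy", {})
    rule_vars = policy.get("PolicyVariables", {}).get("RuleVariables", {})
    return list(rule_vars.get("HOME_NET", {}).get("Definition", []))


def check_home_net(policy_response: dict, expected_cidrs: list[str]) -> tuple[bool, list[str]]:
    """Return (ok, missing): ok when every expected CIDR falls inside the override.

    In a centralized model the spoke VPC ranges must be part of HOME_NET; if the
    override is gone, rules keyed on $HOME_NET stop matching spoke traffic and,
    with a drop default action, that traffic is dropped.
    """
    actual = [ipaddress.ip_network(c) for c in home_net_override(policy_response)]
    missing = []
    for cidr in expected_cidrs:
        net = ipaddress.ip_network(cidr)
        # subnet_of() only compares networks of the same IP version
        covered = any(net.subnet_of(a) for a in actual if a.version == net.version)
        if not covered:
            missing.append(cidr)
    return (not missing, missing)


# Constructed: what the policy looks like after a pipeline run wiped the variable.
POLICY_AFTER_PIPELINE = {"FirewallPolicy": {
    "StatefulEngineOptions": {"RuleOrder": "STRICT_ORDER"},
    "StatefulDefaultActions": ["aws:drop_strict"],
}}
# Constructed: the same policy with HOME_NET overridden to the internal range.
POLICY_WITH_OVERRIDE = {"FirewallPolicy": {
    "StatefulEngineOptions": {"RuleOrder": "STRICT_ORDER"},
    "StatefulDefaultActions": ["aws:drop_strict"],
    "PolicyVariables": {"RuleVariables": {"HOME_NET": {"Definition": ["10.0.0.0/8"]}}},
}}
SPOKE_CIDRS = ["10.10.0.0/16", "10.20.0.0/16"]  # constructed spoke VPC ranges

if __name__ == "__main__":
    import boto3  # only needed for the live check against a real policy
    nfw = boto3.client("network-firewall")
    live = nfw.describe_firewall_policy(FirewallPolicyName="REPLACE-WITH-POLICY-NAME")
    print(check_home_net(live, SPOKE_CIDRS))
```

Run after each pipeline execution to catch the reset before the drop default action takes effect on spoke traffic.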