Networking::PacketFilter¶
Introduced : BIG-IP_v9.0
The PacketFilter interface enables you to work with the definitions
and attributes of packet filter rules. The goal of the packet filter
is to provide a flexible and integrated perimeter security mechanism
to explicitly block as well as accept traffic using complex
expressions similar to those used by libpcap (e.g. tcpdump).
Methods¶
| Method | Description | Introduced |
| create | Creates the specified packet filter rules. | BIG-IP_v9.0 |
| delete_all_packet_filters | Deletes all packet filters. | BIG-IP_v9.0 |
| delete_packet_filter | Deletes the specified packet filter rules. | BIG-IP_v9.0 |
| get_action | Gets the actions of what to do if the ingress traffic matches the filter rules. | BIG-IP_v9.0 |
| get_all_statistics | Gets the statistics for all the packet filter rules. | BIG-IP_v9.0 |
| get_bw_controller_policy | Gets the bandwidth controller policy of the specified filter rules. | BIG-IP_v9.0 |
| get_description | Gets the descriptions for a set of packet filters. | BIG-IP_v11.0.0 |
| get_expression | Gets the expressions used to match ingress traffic. Each expression is defined by the pcap library, which is used to implement tcpdump, and is compiled into a Berkeley Packet Filter program. The man page for tcpdump describes the format and valid syntax of the filter rule expression. | BIG-IP_v9.0 |
| get_list | Gets a list of all packet filter rules. | BIG-IP_v9.0 |
| get_log_state | Gets the states that specify whether an entry will be created in the system log each time the rule is matched. | BIG-IP_v9.0 |
| get_rate_class | Gets the rate classes that will be used to rate limit the traffic. If the rule has an associated Rate Class name, then any traffic allowed by the rule will also be rate limited according to the behavior of the specified rate class. It is meaningless to associate a rate class with a rule that has a discard or reject action. Likewise, the rate class will only take effect when the traffic actually leaves the system. If the traffic does not leave the system, the rate class has no effect. | BIG-IP_v9.0 |
| get_sort_order | Gets the sort orders of the specified filter rules. | BIG-IP_v9.0 |
| get_statistics | Gets the statistics for the specified packet filters. | BIG-IP_v9.0 |
| get_version | Gets the version information for this interface. | BIG-IP_v9.0 |
| get_vlan | Gets the optional ingress VLANs to match on. | BIG-IP_v9.0 |
| reset_statistics | Resets the statistics for the specified packet filters. | BIG-IP_v9.0 |
| set_action | Sets the actions of what to do if the ingress traffic matches the filter rules. | BIG-IP_v9.0 |
| set_bw_controller_policy | Sets the bandwidth controller policy of the specified filter rules. | BIG-IP_v9.0 |
| set_description | Sets the description for a set of packet filters. This is an arbitrary field which can be used for any purpose. | BIG-IP_v11.0.0 |
| set_expression | Sets the expressions used to match ingress traffic. Each expression is defined by the pcap library, which is used to implement tcpdump, and is compiled into a Berkeley Packet Filter program. The man page for tcpdump describes the format and valid syntax of the filter rule expression. | BIG-IP_v9.0 |
| set_log_state | Sets the states that specify whether an entry will be created in the system log each time the rule is matched. | BIG-IP_v9.0 |
| set_rate_class | Sets the rate classes that will be used to rate limit the traffic. If the rule has an associated Rate Class name, then any traffic allowed by the rule will also be rate limited according to the behavior of the specified rate class. It is meaningless to associate a rate class with a rule that has a discard or reject action. Likewise, the rate class will only take effect when the traffic actually leaves the system. If the traffic does not leave the system, the rate class has no effect. | BIG-IP_v9.0 |
| set_sort_order | Sets the sort orders of the specified filter rules. | BIG-IP_v9.0 |
| set_vlan | Sets the optional ingress VLANs to match on. | BIG-IP_v9.0 |
Structures¶
Structure
Description
A struct that describes statistics for a particular packet filter rule.
A struct that describes packet filter rule statistics and timestamp.
Aliases¶
| Alias | Type | Description |
| PacketFilterStatisticEntrySequence | PacketFilterStatisticEntry [] | A sequence of packet filter rule statistics. |
See Also¶
iControl ::
Warning
The links to the sample code below are remnants of the old DevCentral wiki and will result in a 404 error. For best results, please copy the link text and search the codeshare directly on DevCentral.
Sample Code¶
The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.