Networking::PacketFilterGlobals¶
Introduced : BIG-IP_v9.0
The PacketFilterGlobals interface enables you to work with the global
lists of trusted source addresses and ingress VLANs used in packet
filtering, and allows you to view and modify other overall packet
filter settings. Note: The system processes exemptions before packet
filter rules, so you cannot override such settings with a packet
filter rule. Attributes controlling exemptions include:
always_accept_arp, always_accept_important_icmp, and those involving
trusted VLANs, trusted addresses, and trusted MAC addresses.
Methods¶
Method | Description | Introduced |
add_trusted_address | Adds the specified addresses to the list of trusted source addresses. | BIG-IP_v9.0 |
add_trusted_mac_address | Adds the specified MAC addresses to the list of trusted MAC addresses. | BIG-IP_v9.0 |
add_trusted_vlan | Adds the specified ingress VLANs to the list of trusted VLANs. | BIG-IP_v9.0 |
get_always_accept_arp_state | Gets the state indicating whether the system automatically accepts ARP packets. | BIG-IP_v11.0.0 |
get_always_accept_important_icmp_state | Gets the state indicating whether the system automatically accepts the following ICMP packet types: UNREACH, SOURCEQUENCH, REDIRECT, TIMEXCEED. | BIG-IP_v11.0.0 |
get_default_action | Gets the action to take for packets that do not match the criteria specified in any of the packet filter rules. | BIG-IP_v11.0.0 |
get_filter_established_connections_state | Gets the state indicating whether the system should filter all ingress packets, even if the packets are part of an existing connection. | BIG-IP_v11.0.0 |
get_packet_filter_state | Gets the state indicating whether packet filtering is enabled or disabled. | BIG-IP_v11.0.0 |
get_send_icmp_error_on_packet_reject_state | Gets the state indicating whether the system should send an ICMP type 3 (destination unreachable), code 13 (administratively prohibited) packet when an ingress packet is rejected. | BIG-IP_v11.0.0 |
get_trusted_address | Gets a list of all trusted source addresses used in packet filtering on this device. | BIG-IP_v9.0 |
get_trusted_mac_address | Gets a list of all trusted MAC addresses used in packet filtering on this device. | BIG-IP_v9.0 |
get_trusted_vlan | Gets a list of all trusted ingress VLANs used in packet filtering on this device. | BIG-IP_v9.0 |
get_version | Gets the version information for this interface. | BIG-IP_v9.0 |
remove_trusted_address | Removes the specified addresses from the list of trusted source addresses. | BIG-IP_v9.0 |
remove_trusted_mac_address | Removes the specified MAC addresses from the list of trusted MAC addresses. | BIG-IP_v9.0 |
remove_trusted_vlan | Removes the specified ingress VLANs from the list of trusted VLANs. | BIG-IP_v9.0 |
set_always_accept_arp_state | Sets the state indicating whether the system automatically accepts ARP packets. The default is enabled. | BIG-IP_v11.0.0 |
set_always_accept_important_icmp_state | Sets the state indicating whether the system automatically accepts the following ICMP packet types: UNREACH, SOURCEQUENCH, REDIRECT, TIMEXCEED. The default is enabled. | BIG-IP_v11.0.0 |
set_default_action | Sets the action to take for packets that do not match the criteria specified in any of the packet filter rules. The default is accept. Note that you can effectively stop all traffic to the system if you select either discard or reject, and you do not configure additional packet filter rules to accept management or other acceptable traffic. We recommend that you leave this setting at the default value, accept. | BIG-IP_v11.0.0 |
set_filter_established_connections_state | Sets the state indicating whether the system should filter all ingress packets, even if the packets are part of an existing connection. The default is disabled (unchecked). | BIG-IP_v11.0.0 |
set_packet_filter_state | Sets the state indicating whether packet filtering is enabled or disabled. The default is disabled. If enabled, the system filters incoming packets, and directs traffic based on the criteria you specify, both in the packet filter globals and in the packet filter rules. | BIG-IP_v11.0.0 |
set_send_icmp_error_on_packet_reject_state | Sets the state indicating whether the system should send an ICMP type 3 (destination unreachable), code 13 (administratively prohibited) packet when an ingress packet is rejected. When disabled, the system sends an ICMP reject packet that is protocol-dependent. The default is disabled. | BIG-IP_v11.0.0 |
Aliases¶
Alias | Type | Description |
DefaultActionSequence | DefaultAction [] | A sequence of default actions. |
See Also¶
iControl ::
Warning
The links to the sample code below are remnants of the old DevCentral wiki and will result in a 404 error. For best results, please copy the link text and search the codeshare directly on DevCentral.
Sample Code¶
The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.