ltm rule
ltm rule(1) BIG-IP TMSH Manual ltm rule(1)
NAME
rule - Configures an iRule for traffic management system configuration.
MODULE
ltm
SYNTAX
Configure the rule component within the ltm module using the syntax shown in the following sections.
CREATE/MODIFY
create rule [name]
edit rule [name]
modify rule [ [ [name] | [glob] | [regex] ] ... ]
Note: When using tmsh, you can only create iRules using the editor, which starts when you use the create or edit commands.
You cannot create an iRule directly on the command line. The vim editor applies the autoindent and smartindent options. You
can toggle on/off paste mode using the F12 key.
Note: You can also edit user metadata associated with an iRule. See the example section for more information.
DISPLAY
list rule
list rule [ [ [name] | [glob] | [regex] ] ... ]
show running-config rule
show running-config rule [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
show rule
show rule [ [ [name] | [glob] | [regex] ] ... ]
options:
(default | exa | gig | kil | meg | peta | raw | tera | yotta | zetta)
field-fmt
mv rule [ [[source-name] [destination-name]] | [[name] to-folder [folder-name]] | [[name...name] to-folder [folder-name]] ]
options:
to-folder
DELETE
delete rule [name]
GENERATE
generate rule [name]
options:
checksum
signature
HELP help rule help rule [ command | event | namespace ] [name]
DESCRIPTION
You cannot edit the system rules that come with the BIG-IP system. However, you can open a system rule in the editor and
use it as a template to create a new rule.
To create a new rule using a system rule as a template:
1. Enter the command sequence edit rule [system rule name].
tmsh opens the system rule in an editor.
2. Change the name of the rule in the editor.
3. Edit the rule and exit the editor.
tmsh checks for syntax errors, and if there are none, it saves the new rule.
For more information about iRules(r), see http://devcentral.f5.com/.
EXAMPLES
list rule
Displays all iRules.
delete rule my_irule
Deletes the iRule named my_irule.
rule my_irule {
when RULE_INIT {
}
priority 1
when SERVER_CONNECTED {
}
timing on
check strict
}
Creates an iRule named my_irule.
generate rule my_irule checksum
Generates a checksum for the rule definition and adds the checksum to the rule.
generate rule my_irule signature signing-key my_key
Generates a signature for the rule definition using the specified private key and adds the signature to the rule.
Note: For a rule that includes a checksum or signature to successfully load, the rule definition contents must match the
stored checksum or signature. To modify the rule definition and still retain the checksum or signature, the ignore-
verification attribute must be set to true. This is done by editing the rule and adding the ignore-verification attribute,
which allows the modified rule to load and changes the verification status to Not Verified:
rule my_irule {
when RULE_INIT {}
definition-checksum 7c0dba9aa53e8959042c6cfe041d3d11
ignore-verification true }
Modifies an existing iRule named my_irule by adding a new metadata and modifying an existing metadata:
modify rule my_irule {
when RULE_INIT {}
definition-checksum 7c0dba9aa53e8959042c6cfe041d3d11
metadata replace-all-with {
my_meta { persist false
value "hello"
}
my_meta2 { persist false
value "hello 2"
}
} }
The metadata attribute is the user defined key/value pair. Metadata has the following format:
metadata
[add | delete | modify] {
[metadata_name] {
value [ "value content" ]
persist [ true | false ]
} }>
Deletes a metadata from an iRule:
modify rule my_irule {
when RULE_INIT {}
definition-checksum 7c0dba9aa53e8959042c6cfe041d3d11
metadata delete { my_meta } }
mv /ltm rule /Common/my_rule to-folder /Common/some_folder
Moves an iRule named my_rule to the folder named some_folder, where some_folder has already been created under /Common.
Note: Please note that you may not move an iRule that has an explicit usage of a configuration object, such as a pool.
OPTIONS
checksum
Generates a checksum for the rule definition and adds the checksum to the rule. This option is used only with the
generate command.
glob Displays the items that match the glob expression. See help glob for a description of glob expression syntax.
name Specifies a unique name for the component. This option is required for the create, delete, and modify commands.
regex
Displays the items that match the regular expression. The regular expression must be preceded by an at sign (@[regular
expression]) to indicate that the identifier is a regular expression. See help regex for a description of regular
expression syntax.
signature
Generates a signature for the rule definition using the specified private key and adds the signature to the rule as a
property. This option is used only with the generate command.
signing-key
Specifies the private key to use for signing the rule. This is used only with the signature option.
meta-data
Specifies the user-defined key/value pair associated with the rule. See the example section for usage format.
app-project
Specifies the dev plugin this rule belongs to. This is a read-only attribute.
SEE ALSO
create, delete, edit, generate, glob, list, modify, mv, regex, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2010, 2012-2013. All rights reserved.
BIG-IP 2015-10-07 ltm rule(1)