security firewall address-list
security firewall address-list(1) BIG-IP TMSH Manual security firewall address-list(1)
NAME
address-list - Configures an address-list for use by firewall rules. An address list is a list of IP-address prefixes to
compare against the source-IP address and/or destination-IP address in an IP packet.
MODULE
security firewall
SYNTAX
CREATE/MODIFY
    create address-list [name]
    modify address-list [[name] | all]
      options:
        addresses [add | delete | modify | replace-all-with] {
            [ [ip address] ]
        }
        fqdns [add | delete | replace-all-with] {
            [ fully qualified domain names]
        }
        fqdns none
        geo [add | default | delete | replace-all-with] {
            [ [country_code[:state_name/city_name] ] ]
        }
        geo none
        app-service [name]
        description [string]
    edit address-list [[name] | all]
      options:
        all-properties
        non-default-properties
DISPLAY
    list address-list [[name] | all | [property]]
    show running-config address-list [[name] | all | [property]]
DELETE
    delete address-list [[name] | all]
DESCRIPTION
You can use the address-list component to define reusable lists of addresses. You can use an address list in any of the
following firewalls and firewall rule lists: net self, net route-domain, security firewall global-rules, security firewall
rule-list, security firewall management-ip-rules, and ltm virtual. A firewall rule compares all of the addresses in the
list to either the source or destination IP in the packet, depending on how you apply the list. If there is a match, the
firewall rule takes an action, such as accepting or dropping the packet.
EXAMPLES
create address-list alist1 addresses add { 10.10.1.1 10.10.1.2 192.168.24.0/24 }
Creates a new address list, "alist1," with two IPv4 addresses and one IPv4 subnet.
modify address-list alist1 addresses modify { 10.10.1.1 { description "management IP at wwmed site3" } }
Modifies the above address list with a description for the first address.
modify address-list alist1 geo add { TR:Istanbul }
Modifies the above address list by adding a geographic location, given as country:city/state.
modify address-list alist1 addresses add { 2001:DB8:a::/64 }
Modifies the same address list by adding an IPv6 subnet.
list address-list alist1
security firewall address-list alist1 {
    addresses {
        10.10.1.1 {
            description "management IP at wwmed site3"
        }
        10.10.1.2 { }
        192.168.24.0/24 { }
        2001:db8:a::/64 { }
    }
}
Shows the modified address list.
create address-list xyz fqdns add { xyz.com }
Creates a new address list, "xyz," with a single fully qualified domain, 'xyz.com'.
modify address-list xyz addresses add { 2001:DB8:a::/64 } fqdns add { abc.com }
Modifies the same address list by adding an IPv6 subnet and another fully qualified domain 'abc.com'.
list address-list xyz
security firewall address-list xyz {
    addresses {
        2001:db8:a::/64 { }
    }
    fqdns {
        abc.com { }
        xyz.com { }
    }
}
Shows the above address list 'xyz'.
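An added example (not part of the F5 manual): a small Python parser for "list address-list" output of the shape shown above, used here to report entries that carry no description. The helper names are hypothetical, and only the nesting seen in these two listings is assumed.

```python
import shlex
# Constructed sample: the two listings shown on this page, concatenated.
LISTING = '''
security firewall address-list alist1 {
    addresses {
        10.10.1.1 {
            description "management IP at wwmed site3"
        }
        10.10.1.2 { }
        192.168.24.0/24 { }
        2001:db8:a::/64 { }
    }
}
security firewall address-list xyz {
    addresses {
        2001:db8:a::/64 { }
    }
    fqdns {
        abc.com { }
        xyz.com { }
    }
}
'''

def _block(tokens):
    """Consume tokens up to the matching '}' and return them as a dict."""
    node = {}
    while tokens:
        key = tokens.pop(0)
        if key == "}":
            break
        value = tokens.pop(0)          # either '{' (nested block) or a plain value
        node[key] = _block(tokens) if value == "{" else value
    return node

def parse_address_lists(text):
    """Map each address-list name to its parsed body."""
    tokens, lists = shlex.split(text), {}   # shlex keeps quoted descriptions whole
    while tokens:
        brace = tokens.index("{")           # header words precede the first brace
        name = tokens[brace - 1]
        del tokens[:brace + 1]
        lists[name] = _block(tokens)
    return lists

def undocumented(lists):
    """(list, kind, entry) for every address or FQDN entry without a description."""
    return [(name, kind, entry) for name, body in lists.items()
            for kind in ("addresses", "fqdns")
            for entry, props in body.get(kind, {}).items() if "description" not in props]
```

Calling undocumented(parse_address_lists(LISTING)) on the sample returns every entry except 10.10.1.1, the only one that was given a description.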
OPTIONS
addresses
Specifies a list of IP addresses and/or subnets to compare against a packet's source or destination address. The
format for an IPv4 address is a.b.c.d[/prefix]. The general format for an IPv6 address is a:b:c:d:e:f:g:h[/prefix];
you can shorten this by eliminating leading zeros from each field (for example, you can shorten
"2001:0db7:3f4a:09dd:ca90:ff00:0042:8329" to "2001:db7:3f4a:9dd:ca90:ff00:42:8329"), and/or by removing the longest
contiguous field of zeros (for example, you can shorten "2001:0:0:0:c34a:0:23ff:678" to "2001::c34a:0:23ff:678"). TMSH
accepts any valid text representation of IPv6 addresses, as defined in RFC 2373.
The next keyword specifies the action to take with the addresses (add, delete, modify, or replace the current set of
addresses).
add
Creates a new address list, which you specify next with IP addresses and/or prefixes in curly braces ({}).
delete
Deletes the address(es) that you specify next, in curly braces ({}).
modify
Makes it possible to replace the optional description(s) for the address(es). You can specify a description in a
nested set of curly braces after each address.
replace-all-with
Replaces the current set of IP addresses with the address(es) that you specify next, in curly braces ({}).
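An added example (not part of the F5 manual): a Python pre-check that reduces candidate entries to one canonical text form, following the IPv6 shortening rules described above, so that the same prefix written two ways is caught before it goes into an "addresses add { ... }" command. The candidate entries are constructed, and canonicalize, fmt and tmsh_create are hypothetical helper names.

```python
import ipaddress

# Constructed candidate entries (not from a real configuration).
CANDIDATES = ["10.10.1.1", "10.10.1.2", "192.168.24.0/24", "192.168.24.7",
              "2001:DB8:a::/64", "2001:0db8:000a:0000::/64", "10.10.1.5/24"]

def fmt(net):
    """Bare address for single hosts, address/prefix otherwise (as in the listings)."""
    return str(net.network_address) if net.prefixlen == net.max_prefixlen else str(net)

def canonicalize(entries):
    """Return (networks, notes): unique parsed entries plus findings about the input."""
    nets, notes = [], []
    for raw in entries:
        try:
            # strict=True refuses a prefix with host bits set, e.g. 10.10.1.5/24
            net = ipaddress.ip_network(raw.strip(), strict=True)
        except ValueError as exc:
            notes.append(f"rejected {raw}: {exc}")
            continue
        if net in nets:  # same prefix written differently (case, leading zeros, ::)
            notes.append(f"duplicate {raw}: same as {fmt(net)}")
            continue
        nets.append(net)
    for net in nets:  # entries already matched by a wider prefix in the same list
        wider = [o for o in nets
                 if o != net and o.version == net.version and net.subnet_of(o)]
        if wider:
            notes.append(f"redundant {fmt(net)}: covered by {fmt(wider[0])}")
    return nets, notes

def tmsh_create(name, nets):
    """Build the create command in the form used in EXAMPLES above."""
    return "create address-list %s addresses add { %s }" % (name, " ".join(map(fmt, nets)))

if __name__ == "__main__":
    nets, notes = canonicalize(CANDIDATES)
    print(tmsh_create("alist1", nets))
    print("\n".join(notes))
```

Redundant entries are reported but kept in the generated command, since removing them is a decision for whoever owns the rule.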
fqdns
Specifies a list of fully qualified domain names to compare against the domain of a packet's destination IP address.
The next keyword specifies the action to take with the fqdns (add, delete, or replace the current set of fqdns).
geo
Specifies a list of geographic locations that the packet will be compared against.
app-service
Associates this address list with a particular Application Service. An Application Service is a major component of an
iApp, an advanced configuration tool for creating and maintaining similar applications on multiple servers. The asm
module (see asm) has components for working with iApps.
description
Specifies your description for this address list.
SEE ALSO
edit, list, modify, net self, net route-domain, security firewall global-rules, security firewall management-ip-rules,
security firewall rule-list, ltm virtual, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008, 2012-2013, 2016. All rights reserved.
BIG-IP 2016-03-14 security firewall address-list(1)