security firewall matching-rule
security firewall matching-rule(1) BIG-IP TMSH Manual security firewall matching-rule(1)
NAME
matching-rule - Shows the best match firewall rule amongst all the admin configured Network Firewall rules in different
contexts (global, route-domain, VIP/SelfIP) given source/destination IP address and port, protocol and user configured vlan
name. You can only use the show command with this component.
MODULE
security firewall
SYNTAX
show matching-rule
dest-addr [IP address]
source-addr [IP address]
dest-port [TCP/UDP port]
source-port [TCP/UDP port]
protocol [protocol]
vlan [vlan name]
DESCRIPTION
With user provided VLAN, source/destination IP addresses, TCP/UDP ports and protocol, the command will try to match these
parameters against user configured ACL rules in global, route domain, VIP/SelfIP context, and return the best match rules.
Both IPv4 and IPv6 addresses and all possible protocols are supported. This command can be used as a diagnostic tool to
trouble-shoot BigIP firewall configuration problem. It provides a faster way to identify which ACL rule will have impact to
the specified packet stream.
EXAMPLES
# show security firewall matching-rule dest-addr 1.1.1.1 dest-port 140 source-addr 2.2.2.2 source-port 141 protocol 10 vlan
/Common/internal
Firewall Matching Rule:
-----------------------------------------------------------
Context Type Context Name Policy Name Rule Name Action
-----------------------------------------------------------
Global globalrule Accept
Total records returned: 1
SEE ALSO
show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2013. All rights reserved.
BIG-IP 2013-04-09 security firewall matching-rule(1)