security firewall user-listΒΆ

security firewall user-list(1)				BIG-IP TMSH Manual			    security firewall user-list(1)

NAME
       user-list - Configures a user-list for use by firewall rules. A firewall rule can match a packet sourced from a particular
       user against one of the users or user-groups in a user list, and can take some action (such as ACCEPT or DROP) for a
       matching packet. An incoming packet's source IP address is matched in user identity database to get the user and group
       properties which are then used to perform the rule match.

MODULE
       security firewall

SYNTAX
   CREATE/MODIFY
	create user-list [name]
	modify user-list [[name] | all]
	 options:
	  app-service [name]
	  description [string]
	  user-groups [add | delete | modify | replace-all-with] {
	   [ [user group names...] ]
	  }
	  users [add | delete | modify | replace-all-with] {
	   [ [user names...] ]
	  }

	edit user-list [[name] | all]
	  options:
	    all-properties
	    non-default-properties

   DISPLAY
	list user-list [[name] | all | [property]]

   DELETE
	delete user-list [[name] | all]

DESCRIPTION
       You can use the user-list component to define reusable lists of user or user-group names for various firewall rules. The
       network software compares a packet's source user (mapped by incoming source IP address) and group that user belong to,
       against users (or user-groups) in this list. You can assign a user list to the firewall rules in net self, net route-
       domain, security firewall global-rules, security firewall rule-list, and ltm virtual firewall rules.

EXAMPLES
       create user-list u-list1 users add { olympus\xyz }

       Creates a new user list named u-list1 with one user named xyz in domain olympus.

       create user-list u-list2 user-groups add { olympus\eng }

       Creates a new user list named u-list2 with one group named eng in domain olympus.

       list user-list

       Shows all the user lists configured in the system.

OPTIONS
       app-service
	    Associates this user list with a particular Application Service. An Application Service is a major component of an
	    iApp, an advanced configuration tool for creating and maintaining similar applications on multiple servers. The asm
	    module has components for working with iApps.

       description
	    Your description for the user list.

       user-groups
	    Specifies a list of user groups to compare against the groups a user belongs to (which is mapped from the source IP
	    address).

       users
	    Specifies a list of users to compare against a packet's source user (which is mapped from the source IP address).

SEE ALSO
       edit, list, modify, net self, net route-domain, security firewall address-list, security firewall rule-list, security
       firewall global-rules, tmsh

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
       photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
       use, without the express written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2008, 2012-2013, 2015-2016. All rights reserved.

BIG-IP							    2016-03-14				    security firewall user-list(1)