apm acl

apm acl(1)		      BIG-IP TMSH Manual		    apm acl(1)



NAME
       acl - Manages an access control list (ACL).

MODULE
       apm

SYNTAX
       Configure the acl component within the apm module using the syntax
       shown in the following sections.

   CREATE/MODIFY
	create acl [name]
	modify acl [name]
	  options:
	    acl-order [integer]
	    app-service [[string] | none]
	    description [[string] | none]
	    entries {
	      {
		options:
		  action [allow | continue | discard | reject | unspec]
		  dst-end-port [[service] | none]
		  dst-start-port [[service] | none]
		  dst-subnet [[ip addr] | [[ip addr] [mask]]
		  host [[string] | none]
		  log [config | none | packet | summary | verbose]
		  paths [[string] | none]
		  protocol [integer]
		  scheme [any | http | https}
		  src-end-port [[service] | none]
		  src-start-port [[service] | none]
		  src-subnet [[ip addr] | [[ip addr] [mask]]
	      }
	    }
	    location-specific [true | false]
	    path-match-case [false | true]
	    type [dynamic | static]

   DISPLAY
	list acl
	list acl [ [ [name] | [glob] | [regex] ] ... ]
	   options:
	     all-properties
	     non-default-properties
	     partition

	show acl
	show acl [ [ [name] | [regex] ] ... ]
	  options:
	    (default | exa | gig | kil | meg | peta | raw | tera | yotta | zetta)
	    field-fmt

   DELETE
	delete acl [name]

DESCRIPTION
       You can use the acl component to configure a set of restrictions
       associated with a resource or favorite that defines access for users
       and groups.

EXAMPLES
       create acl MyACL { acl-order 3 entries src-start-port ip default inet
       dst-end-port ip default inet action allow }
	    Creates the static access control list named MyACL that is the
	    third ACL in the list of ACLs in the visual policy editor, and
	    adds an access control entry that allows traffic using the default
	    source IP address and the default destination IP address.

       list acl all-properties
	    Displays a list of ACLs that includes the attributes of each ACL.

       delete acl MyACL
	    Deletes the MyACL access control list.

OPTIONS
       acl-order
	    Specifies the order of the access control entries in this access
	    control list. This option is required.

       app-service
	    Specifies the name of the application service to which the object
	    belongs. The default value is none. Note: If the strict-updates
	    option is enabled on the application service that owns the object,
	    you cannot modify or delete the object. Only the application
	    service can modify or delete the object.

       description
	    Describes the access control list.

       entries
	    Configures an entry for an access control list.

	    action
		 Specifies the action that an access control list takes when
		 this access control list entry is encountered.  This option
		 is required. You can specify one of the following actions:

		 allow
		      Allows traffic.

		 continue
		      Skips checking against the remaining access control list
		      entries in this access control list, and continues
		      evaluation at the next access control list.

		 discard
		      Drops packets silently.

		 reject
		      Drops a packet and sends TCP RST on TCP flows or proper
		      ICMP messages on UDP flows. Silently drops a packet on
		      other protocols.

	    dst-end-port
		 Specifies the destination IP address and network mask of the
		 access control list entry. The default is 0.

	    dst-start-port
		 Specifies the source port or range of ports of the access
		 control list entry.

	    dst-subnet
		 Specifies the destination subnet.

	    host Specifies the host name of the access control list entry.

	    location-specific
		 Specifies whether or not this object contains one or more
		 attributes with values that are specific to the location
		 where the BIG-IP device resides. The location-specific
		 attribute is either true or false. When using policy sync,
		 mark an object as location-specific to prevent errors that
		 can occur when policies reference objects, such as
		 authentication servers, that are specific to a certain
		 location.

	    log  Specifies the log level that is logged when actions of this
		 type occur. Your options are:

		 config
		      Logs the configuration of a matched entry.

		 none Logs nothing. This is the default value.

		 packet
		      Logs a matched packet.

		 summary
		      Logs the name and entry number of a matched access
		      control list and access control list entry.

		 verbose
		      Logs everything.

	    paths
		 Specifies an L7 access control list of matching URL paths.

	    protocol
		 Specifies the protocol number (TCP=6, UDP=17) of the access
		 control list entry. The default is 0.

	    src-end-port
		 Specifies the source IP address and network mask of the
		 access control list entry.

	    src-start-port
		 Specifies the source port or range of ports of the access
		 control list entry.

	    src-subnet
		 Specifies the source subnet.

       [name]
	    Specifies the name of the access control list. This setting is
	    required.

       partition
	    Displays the partition within which the object resides. The
	    default is Common.

       path-match-case
	    Indicates whether the path is case sensitive. The default is true.

       type Specifies the type of access control list. The default is static.
	    The available types are static and dynamic.

SEE ALSO
COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or
       by any means, electronic or mechanical, including photocopying,
       recording, or information storage and retrieval systems, for any
       purpose other than the purchaser's personal use, without the express
       written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2011-2012. All rights reserved.



BIG-IP				  2016-08-12			    apm acl(1)