security firewall matching-rule
security firewall matching-rule(1)    BIG-IP TMSH Manual    security firewall matching-rule(1)
NAME
matching-rule - Shows the best-match firewall rule among all the
administrator-configured Network Firewall rules in the different
contexts (global, route-domain, VIP/SelfIP) for a given
source/destination IP address and port, protocol, and user-configured
VLAN name. You can only use the show command with this component.
MODULE
security firewall
SYNTAX
show matching-rule
dest-addr [IP address]
source-addr [IP address]
dest-port [TCP/UDP port]
source-port [TCP/UDP port]
protocol [protocol]
vlan [vlan name]
DESCRIPTION
Given a user-provided VLAN, source/destination IP addresses, TCP/UDP
ports, and protocol, the command tries to match these parameters
against the user-configured ACL rules in the global, route domain, and
VIP/SelfIP contexts, and returns the best-match rules. Both IPv4 and
IPv6 addresses and all possible protocols are supported. This command
can be used as a diagnostic tool to troubleshoot BIG-IP firewall
configuration problems. It provides a faster way to identify which ACL
rule will affect the specified packet stream.
EXAMPLES
# show security firewall matching-rule dest-addr 1.1.1.1 dest-port 140
source-addr 2.2.2.2 source-port 141 protocol 10 vlan /Common/internal
Firewall Matching Rule:
-----------------------------------------------------------
Context Type Context Name Policy Name Rule Name Action
-----------------------------------------------------------
Global globalrule Accept
Total records returned: 1
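The following shell functions are an added example, not part of the F5
manual page. They turn the command into a repeatable check that a flow
still gets the expected action after a rule change. The function names
are hypothetical, and the parser assumes Action is the last
whitespace-separated field of each row, as in the header shown above.

```shell
#!/bin/sh
# Added example, not F5 code. Function names are hypothetical.

# Build the command from the keywords listed under SYNTAX.
# Args: source-addr source-port dest-addr dest-port protocol vlan
build_cmd() {
    printf 'show security firewall matching-rule dest-addr %s dest-port %s ' "$3" "$4"
    printf 'source-addr %s source-port %s protocol %s vlan %s\n' "$1" "$2" "$5" "$6"
}

# Read command output on stdin and print the Action column (last field) of
# each data row, comma-joined in the order returned. Exit status is 1 when
# the parsed row count disagrees with "Total records returned".
actions_of() {
    awk '
        /^-+$/                    { rules++; next }   # dashed separator lines
        /^Total records returned/ { total = $NF; next }
        rules >= 2 && NF          { sep = (n++ ? "," : ""); out = out sep $NF }
        END { print out; exit (total == "" || n != total) }
    '
}

# Compare the returned actions with an expected list such as "Accept".
# Status: 0 match, 1 mismatch, 2 output could not be parsed.
check_flow() {
    got=$(actions_of) || { echo "UNPARSED"; return 2; }
    if [ "$got" = "$1" ]; then
        echo "OK $got"
    else
        echo "MISMATCH expected=$1 got=$got"; return 1
    fi
}

# Output copied from the EXAMPLES section above, spacing as shown there.
sample_output() {
    cat <<'EOF'
Firewall Matching Rule:
-----------------------------------------------------------
Context Type Context Name Policy Name Rule Name Action
-----------------------------------------------------------
Global globalrule Accept
Total records returned: 1
EOF
}

# On a BIG-IP the input would instead come from: tmsh -c "$(build_cmd ...)"
sample_output | check_flow Accept
```

When several contexts return a row, the expected value is the
comma-joined list of actions in the order the rows appear.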
SEE ALSO
show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2013. All rights reserved.
BIG-IP    2013-04-09    security firewall matching-rule(1)