security firewall port-list
security firewall port-list(1)BIG-IP TMSH Manualsecurity firewall port-list(1)
NAME
port-list - Configures a port-list for use by firewall rules. A
firewall rule can match a packet's source port or destination port
against one of the ports in a port list, and can take some action (such
as ACCEPT or DROP) for a matching packet.
MODULE
security firewall
SYNTAX
CREATE/MODIFY
create port-list [name]
modify port-list [[name] | all]
options:
app-service [name]
description [string]
ports [add | delete | modify | replace-all-with] {
[ [port] | [port] - [port] ]
}
edit port-list [[name] | all]
options:
all-properties
non-default-properties
DISPLAY
list port-list [[name] | all | [property]]
show running-config port-list [[name] | all | [property]]
DELETE
delete port-list [[name] | all]
DESCRIPTION
You can use the port-list component to define reusable lists of ports
for various firewall rules. The network software compares a packet's
source port and/or destination port against ports in this list. You can
assign a port list to the firewall rules in net self, net route-domain,
security firewall global-rules, security firewall rule-list, sys
management-ip, and ltm virtual firewall rules.
EXAMPLES
create port-list p-list1 ports add { 80 }
Creates a new port list with one entry.
list port-list
security firewall port-list _sys_self_allow_tcp_defaults {
ports {
domain { }
f5-iquery { }
https { }
snmp { }
ssh { }
}
}
security firewall port-list _sys_self_allow_udp_defaults {
ports {
520 { }
cap { }
domain { }
f5-iquery { }
snmp { }
}
}
security firewall port-list p-list1 {
ports {
http { }
}
}
Shows all the port lists, including the one created in the previous
example.
OPTIONS
app-service
Associates this port list with a particular Application Service.
An Application Service is a major component of an iApp, an
advanced configuration tool for creating and maintaining similar
applications on multiple servers. The asm module has components
for working with iApps.
description
Your description for the port list.
ports
Specifies a list of ports to compare against a packet's source or
destination port. Use one of the keywords below and then specify
the port(s) to add or delete. Specify ranges of ports with a dash
between the two ends of the range (for example, 80-88).
add Creates a new port list, which you specify next with port
numbers in curly braces ({}).
delete
Deletes the port(s) that you specify next, in curly braces
({}).
modify
Is not supported for this component.
replace-all-with
Replaces the current set of ports with the port(s) that you
specify next, in curly braces ({}).
SEE ALSO
edit, list, modify, net self, net route-domain, security firewall
address-list, security firewall rule-list, security firewall global-
rules, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008, 2012-2013, 2016. All rights
reserved.
BIG-IP 2016-03-14 security firewall port-list(1)