security firewall user-listΒΆ

security firewall user-list(1)BIG-IP TMSH Manualsecurity firewall user-list(1)



NAME
       user-list - Configures a user-list for use by firewall rules. A
       firewall rule can match a packet sourced from a particular user against
       one of the users or user-groups in a user list, and can take some
       action (such as ACCEPT or DROP) for a matching packet. An incoming
       packet's source IP address is matched in user identity database to get
       the user and group properties which are then used to perform the rule
       match.

MODULE
       security firewall

SYNTAX
   CREATE/MODIFY
	create user-list [name]
	modify user-list [[name] | all]
	 options:
	  app-service [name]
	  description [string]
	  user-groups [add | delete | modify | replace-all-with] {
	   [ [user group names...] ]
	  }
	  users [add | delete | modify | replace-all-with] {
	   [ [user names...] ]
	  }

	edit user-list [[name] | all]
	  options:
	    all-properties
	    non-default-properties

   DISPLAY
	list user-list [[name] | all | [property]]

   DELETE
	delete user-list [[name] | all]

DESCRIPTION
       You can use the user-list component to define reusable lists of user or
       user-group names for various firewall rules. The network software
       compares a packet's source user (mapped by incoming source IP address)
       and group that user belong to, against users (or user-groups) in this
       list. You can assign a user list to the firewall rules in net self, net
       route-domain, security firewall global-rules, security firewall rule-
       list, and ltm virtual firewall rules.

EXAMPLES
       create user-list u-list1 users add { olympus\xyz }

       Creates a new user list named u-list1 with one user named xyz in domain
       olympus.

       create user-list u-list2 user-groups add { olympus\eng }

       Creates a new user list named u-list2 with one group named eng in
       domain olympus.

       list user-list

       Shows all the user lists configured in the system.

OPTIONS
       app-service
	    Associates this user list with a particular Application Service.
	    An Application Service is a major component of an iApp, an
	    advanced configuration tool for creating and maintaining similar
	    applications on multiple servers. The asm module has components
	    for working with iApps.

       description
	    Your description for the user list.

       user-groups
	    Specifies a list of user groups to compare against the groups a
	    user belongs to (which is mapped from the source IP address).

       users
	    Specifies a list of users to compare against a packet's source
	    user (which is mapped from the source IP address).

SEE ALSO
       edit, list, modify, net self, net route-domain, security firewall
       address-list, security firewall rule-list, security firewall global-
       rules, tmsh

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or
       by any means, electronic or mechanical, including photocopying,
       recording, or information storage and retrieval systems, for any
       purpose other than the purchaser's personal use, without the express
       written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2008, 2012-2013, 2015-2016. All
       rights reserved.



BIG-IP				  2016-03-14	security firewall user-list(1)