security ip-intelligence feed-list
security ip-intelligence feed-BIG-IP)TMSHsecurity ip-intelligence feed-list(1)
NAME
feed-list - Configures a feed-list for use by firewall. A feed-list is
a list of URL feeds from where files are downloaded and the contents
(IP-address prefixes) are compared against the source-IP address and/or
destination-IP address in an IP packet by DWBL (Dynamic White/Black
lists) by IP-Intelligence.
MODULE
security ip-intelligence
SYNTAX
Configure the feed-list component within the security ip-intelligence
module using the syntax in the following sections.
CREATE/MODIFY
create feed-list [name]
modify feed-list [[name] | all]
options:
feeds [add | delete | modify | replace-all-with] {
name [string] {
options:
default-blacklist-category [string]
default-list-type [whitelist | blacklist]
poll {
interval [integer]
user [string]
url [string]
password [string]
}
}
}
app-service [name]
description [string]
edit feed-list [[name] | all]
options:
all-properties
non-default-properties
load feed-list [[name] | all] feeds { name [string] }
DISPLAY
list feed-list [[name] | all | [property]]
show running-config feed-list [[name] | all | [property]]
options:
all-properties
non-default-properties
one-line
partition
recursive
DELETE
delete feed-list [[name] | all]
DESCRIPTION
You can use the feed-list component to define reusable lists of feeds.
You can use a feed list in a security ip-intelligence policy. A policy
compares all of the addresses in the list (downloaded from a file at
the specified url) to either the source or destination IP in the
packet, depending on how you apply the list. If there is a match, the
ip-intelligence policy takes an action, such as accepting or dropping
the packet.
EXAMPLES
create feed-list alist1 feeds add { poll { url http://f5.com/bl.txt }
Creates a new feed list, "alist1," with IPv4/IPv6 addresses in the file
downloaded from the specified url.
modify feed-list alist1 feeds modify { description "DWBL file from
f5.com" }
Modifies the above feed list with a description.
modify feed-list alist1 feeds modify { poll { url https://f5.com/bl.txt
}
Modifies the same feed by changing the protocol.
list feed-list alist1
security ip-intelligence feed-list alist1 {
feeds {
url2 {
poll {
url https://f5.com/bl.txt
user user1
password user1_pwd
}
}
description "DWBL file from f5.com"
}
}
Shows the modified feed list.
load feed-list alist1 alist2 feeds { feed1 feed2 }
Immediately downloads and updates feeds feed1 and feed2 of feed lists
alist1 and alist2.
OPTIONS
feeds
Adds, deletes, or replaces feeds. You can configure the following
options for a feed:
name Specifies a name for a feed. This option is required for the
operations create, delete, modify, and replace-all-with.
add Creates a new feed list.
delete
Deletes the feed list that you specify next, in curly braces
({}).
modify
Makes it possible to replace the optional description(s) for
the feed list.
replace-all-with
Replaces the current set of feed list with the a new one that
you specify next, in curly braces ({}).
default-list-type
Specifies a default type for this specific entry whether
it is a blacklist or whitelist
whitelist
Specifies that this entry is a whitelist.
blacklist
Specifies that this entry is a blacklist.
default-blacklist-category
Default blacklist category type for all blacklist
entries that do not have a corresponding category string
(eg. Botnet, Spyware, Malware)
poll You can configure the following options under this:
interval
Specifies the frequency at which the url needs to
be polled.
user Specifies the user which is used when downloading
the url.
url Specifies the URL from where the white/black list
will be downloaded. Note: Route domains are not
supported when specifying the url.
password
Password for the user.
default-list-type
Specifies a default type for this specific entry whether it
is a blacklist or whitelist
whitelist
Specifies that this entry is a whitelist.
blacklist
Specifies that this entry is a blacklist.
app-service
Specifies the application service to which the object
belongs. The default value is none. Note: If the strict-
updates option is enabled on the Application Service that
owns the object, you cannot modify or delete the object. Only
the Application Service can modify or delete the object.
default-blacklist-category
Default blacklist category type for all blacklist entries
that do not have a corresponding category string (eg. Botnet,
Spyware, Malware)
description
User defined description for this feed list.
partition
Displays the administrative partition within which the
component resides.
SEE ALSO
edit, list, modify, net self, net route-domain, security ip-
intelligence global-policy, security ip-intelligence, ltm virtual, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008, 2012-2013, 2016. All rights
reserved.
BIG-IP 2016-03security ip-intelligence feed-list(1)