security firewall address-listΒΆ

security firewall address-listBIG-IP TMSH Mansecurity firewall address-list(1)



NAME
       address-list - Configures an address-list for use by firewall rules. An
       address list is a list of IP-address prefixes to compare against the
       source-IP address and/or destination-IP address in an IP packet.

MODULE
       security firewall

SYNTAX
   CREATE/MODIFY
	create address-list [name]
	modify address-list [[name] | all]
	 options:
	  addresses [add | delete | modify | replace-all-with] {
	   [ [ip address] ]
	  }
	  fqdns [add | delete | replace-all-with] {
	   [ fully qualified domain names]
	  }
	  fqdns none
	  geo [add | default | delete | replace-all-with] {
	   [ [country_code[:state_name/city_name] ] ]
	  }
	  geo none
	  app-service [name]
	  description [string]

	edit address-list [[name] | all]
	  options:
	    all-properties
	    non-default-properties

   DISPLAY
	list address-list [[name] | all | [property]]
	show running-config address-list [[name] | all | [property]]

   DELETE
	delete address-list [[name] | all]

DESCRIPTION
       You can use the address-list component to define reusable lists of
       addresses. You can use an address list in any of the following
       firewalls and firewall rule lists:  net self, net route-domain,
       security firewall global-rules, security firewall rule-list, security
       firewall management-ip-rules, and ltm virtual. A firewall rule compares
       all of the addresses in the list to either the source or destination IP
       in the packet, depending on how you apply the list. If there is a
       match, the firewall rule takes an action, such as accepting or dropping
       the packet.

EXAMPLES
       create address-list alist1 addresses add { 10.10.1.1 10.10.1.2
       192.168.24.0/24 }

       Creates a new address list, "alist1," with two IPv4 addresses and one
       IPv4 subnet.

       modify address-list alist1 addresses modify { 10.10.1.1 { description
       "management IP at wwmed site3" } }

       Modifies the above address list with a description for the first
       address.

       modify alist1 geo add { TR:Istanbul }

       Modifies the above address list with an addition of a
       country:city/state.

       modify address-list alist1 addresses add { 2001:DB8:a::/64 }

       Modifies the same address list by adding an IPv6 subnet.

	list address-list alist1
	security firewall address-list alist1 {
	   addresses {
	       10.10.1.1 {
		   description "management IP at wwmed site3"
	       }
	       10.10.1.2 { }
	       192.168.24.0/24 { }
	       2001:db8:a::/64 { }
	   }
	}

       Shows the modified address list.

       create address-list xyz fqdns add { xyz.com }

       Creates a new address list, "xyz" with a single fully qualified domain
       'xyz.com'.

       modify address-list xyz addresses add { 2001:DB8:a::/64 } fqdns add {
       abc.com }

       Modifies the same address list by adding an IPv6 subnet and another
       fully qualified domain 'abc.com'.

	list address-list xyz
	security firewall address-list xyz {
	   addresses {
	       2001:db8:a::/64 { }
	   }
	   fqdns {
	       abc.com { }
	       xyz.com { }
	   }
	}

       Shows the above address list 'xyz'.

OPTIONS
       addresses
	    Specifies a list of IP addresses and/or subnets to compare against
	    a packet's source or destination address. The format for an IPv4
	    address is a.b.c.d[/prefix]. The general format for an IPv6
	    address is a:b:c:d:e:f:g:h[/prefix]; you can shorten this by
	    eliminating leading zeros from each field (for example, you can
	    shorten "2001:0db7:3f4a:09dd:ca90:ff00:0042:8329" to
	    "2001:db7:3f4a:9dd:ca90:ff00:42:8329"), and/or by removing the
	    longest contiguous field of zeros (for example, you can shorten
	    "2001:0:0:0:c34a:0:23ff:678" to "2001::c34a:0:23ff:678"). TMSH
	    accepts any valid text representation of IPv6 addresses, as
	    defined in RFC 2373 (see ).

	    The next keyword specifies the action to take with the addresses
	    (add, delete, modify, or replace the current set of addresses).

	    add  Creates a new address list, which you specify next with IP
		 addresses and/or prefixes in curly braces ({}).

	    delete
		 Deletes the address(es) that you specify next, in curly
		 braces ({}).

	    modify
		 Makes it possible to replace the optional description(s) for
		 the address(es). You can specify a description in a nested
		 set of curly braces after each address.

	    replace-all-with
		 Replaces the current set of IP addresses with the address(es)
		 that you specify next, in curly braces ({}).

       fqdns
	    Specifies a list of fully qualified domain names to compare
	    against packet's destination IP address domain.

	    The next keyword specifies the action to take with the fqdns (add,
	    delete, or replace the current set of fqdns).

       geo  Specifies a list of geographic locations that the packet will be
	    compared against.

       app-service
	    Associates this address list with a particular Application
	    Service. An Application Service is a major component of an iApp,
	    an advanced configuration tool for creating and maintaining
	    similar applications on multiple servers. The asm module (see asm)
	    has components for working with iApps.

       description
	    Is your description for this address list.

SEE ALSO
       edit, list, modify, net self, net route-domain, security firewall
       global-rules, security firewall management-ip-rules, security firewall
       rule-list, ltm virtual, tmsh

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or
       by any means, electronic or mechanical, including photocopying,
       recording, or information storage and retrieval systems, for any
       purpose other than the purchaser's personal use, without the express
       written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2008, 2012-2013, 2016. All rights
       reserved.



BIG-IP				  2016-03-14 security firewall address-list(1)