net self-allow

net self-allow(1)	      BIG-IP TMSH Manual	     net self-allow(1)



NAME
       self-allow - Configures the default "allow list" for all self IP
       addresses on the BIG-IP(r) system when the option allow-service of the
       component self is set to default.

MODULE
       net

SYNTAX
       Modify the self-allow component within the net module using the syntax
       shown in the following sections.

   MODIFY
	modify self-allow
	  options:
	   defaults [all | none]
	   defaults
	     [add | delete | replace-all-with] {
	       [protocol:port] ...
	   }

	edit self-allow
	 options:
	  all-properties

   DISPLAY
	list self-allow
	show running-config self-allow
	 options:
	   all-properties
	   defaults
	   one-line

   DELETE
	You cannot delete the default allow list.

DESCRIPTION
       You can use the self-allow component to modify or display the default
       allow list for all self IP addresses on the BIG-IP system when the
       option allow-service of the component self is set to default. The
       default allow list displays which service and protocol ports allow
       connections from outside the system. The system refuses connections
       made to a service or protocol port that is not on the list.

EXAMPLES
       modify self-allow defaults all

       Sets the default allow list to all. Then, if the value of the option
       allow-service of the net self component is default, the system accepts
       traffic from all protocol port combinations.

       modify self-allow default replace-all-with { tcp:55 }

       Sets the default "allow list" for all self IP addresses on the system
       to TCP on port 55.

       list self-allow defaults

       Displays the default "allow list" for all self IP addresses on the
       system.

OPTIONS
       defaults
	    Specifies to set the default allow list to one of the following:

	    all  Specifies that all protocols and services allow connections
		 from outside the system. Use this option to open the system
		 to complete access.

	    none Specifies that no protocols or services allow connections
		 from outside the system.

	    protocol:port
		 Specifies a list of protocols/services that allow connections
		 from outside the system.

	    replace-all-with
		 Specifies to replace the current protocols and services that
		 allow connections from outside the system with the specified
		 protocols and services.

SEE ALSO
       edit, list, modify, net vlan, net vlan-group, show, tmsh

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or
       by any means, electronic or mechanical, including photocopying,
       recording, or information storage and retrieval systems, for any
       purpose other than the purchaser's personal use, without the express
       written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2008-2010, 2013. All rights
       reserved.



BIG-IP				  2013-04-12		     net self-allow(1)