security firewall user-list
security firewall user-list(1)BIG-IP TMSH Manualsecurity firewall user-list(1)
NAME
user-list - Configures a user-list for use by firewall rules. A
firewall rule can match a packet sourced from a particular user against
one of the users or user-groups in a user list, and can take some
action (such as ACCEPT or DROP) for a matching packet. An incoming
packet's source IP address is matched in user identity database to get
the user and group properties which are then used to perform the rule
match.
MODULE
security firewall
SYNTAX
CREATE/MODIFY
create user-list [name]
modify user-list [[name] | all]
options:
app-service [name]
description [string]
user-groups [add | delete | modify | replace-all-with] {
[ [user group names...] ]
}
users [add | delete | modify | replace-all-with] {
[ [user names...] ]
}
edit user-list [[name] | all]
options:
all-properties
non-default-properties
DISPLAY
list user-list [[name] | all | [property]]
DELETE
delete user-list [[name] | all]
DESCRIPTION
You can use the user-list component to define reusable lists of user or
user-group names for various firewall rules. The network software
compares a packet's source user (mapped by incoming source IP address)
and group that user belong to, against users (or user-groups) in this
list. You can assign a user list to the firewall rules in net self, net
route-domain, security firewall global-rules, security firewall rule-
list, and ltm virtual firewall rules.
EXAMPLES
create user-list u-list1 users add { olympus\xyz }
Creates a new user list named u-list1 with one user named xyz in domain
olympus.
create user-list u-list2 user-groups add { olympus\eng }
Creates a new user list named u-list2 with one group named eng in
domain olympus.
list user-list
Shows all the user lists configured in the system.
OPTIONS
app-service
Associates this user list with a particular Application Service.
An Application Service is a major component of an iApp, an
advanced configuration tool for creating and maintaining similar
applications on multiple servers. The asm module has components
for working with iApps.
description
Your description for the user list.
user-groups
Specifies a list of user groups to compare against the groups a
user belongs to (which is mapped from the source IP address).
users
Specifies a list of users to compare against a packet's source
user (which is mapped from the source IP address).
SEE ALSO
edit, list, modify, net self, net route-domain, security firewall
address-list, security firewall rule-list, security firewall global-
rules, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008, 2012-2013, 2015-2016. All
rights reserved.
BIG-IP 2016-03-14 security firewall user-list(1)