security ip-intelligence policy
security ip-intelligence policy(1)    BIG-IP TMSH Manual    security ip-intelligence policy(1)
NAME
    policy - Configures an ip-intelligence policy. A policy consists of three
    logical groups of settings: a list of feed lists, enforcement and logging
    settings per blacklist category, and default enforcement and logging
    settings that apply to blacklist categories without their own settings.
MODULE
    security ip-intelligence
SYNTAX
    Configure the policy component within the security ip-intelligence
    module using the syntax in the following sections.
CREATE/MODIFY
    create policy [name]
    modify policy [name]
      options:
        app-service [name]
        description [string]
        blacklist-categories [add | default | delete | replace-all-with] {
          [name] {
            action [accept | drop | use-policy-setting]
            app-service none
            description none
            log-blacklist-hit-only [no | yes | use-policy-setting]
            log-blacklist-whitelist-hit [no | yes | use-policy-setting]
            match-direction-override [match-destination | match-source | match-source-and-destination]
          }
        }
        feed-lists [add | default | delete | replace-all-with] { [name] }
        default-action [accept | drop]
        default-log-blacklist-hit-only [ no | yes ]
        default-log-blacklist-whitelist-hit [ no | yes ]

    edit policy
      options:
        all-properties
        non-default-properties
DISPLAY
    list policy [ [ [name] | [glob] | [regex] ] ... ]
    show running-config policy
    show running-config policy [ [ [name] | [glob] | [regex] ] ... ]
      options:
        all-properties
        non-default-properties
        one-line
        partition
        recursive
DESCRIPTION
    You can use the policy component to configure shareable and reusable
    enforcement and logging settings for dynamic white/black lists of IP
    addresses that come from downloaded feeds. The policy can then be
    enforced on any number of configuration objects of the following types:
    ltm virtual, security ip-intelligence global-policy, net route-domain.
EXAMPLES
    create policy pol1 {
      blacklist-categories add {
        Spyware {
          action use-policy-setting
          app-service none
          description none
          log-blacklist-hit-only use-policy-setting
          log-blacklist-whitelist-hit yes
        }
      }
      feed-lists add { alist1 alist2 }
      default-action drop
      default-log-blacklist-hit-only yes
      default-log-blacklist-whitelist-hit no
      description none
      partition Common }

    Creates a policy pol1 with feeds from the alist1 and alist2 feed lists,
    specific enforcement and logging settings for the Spyware blacklist
    category, and the policy default settings for all other categories.

    modify policy pol1 { feed-lists delete { alist2 } }

    Removes the feed list alist2 from the policy pol1.

    list policy

    Displays the contents of the currently configured ip-intelligence
    policies.
OPTIONS
    app-service
        Specifies the application service to which the object belongs. The
        default value is none. Note: If the strict-updates option is
        enabled on the Application Service that owns the object, you
        cannot modify or delete the object. Only the Application Service
        can modify or delete the object.

    description
        User-defined description.

    partition
        Displays the administrative partition within which the component
        resides.

    blacklist-categories
        Adds, deletes, or replaces blacklist categories.

        action
            Specifies the enforcement action that is applied if the
            packet is categorized with this blacklist category. If the
            packet is categorized with more than one blacklist category,
            the most restrictive of their actions is applied.

        log-blacklist-hit-only
            Specifies whether a log message is generated when the packet
            is categorized with this blacklist category and the packet's
            IP address is not listed in any whitelist.

        match-direction-override
            Overrides the current IP match direction setting for a
            category. If this value has not been overridden, it is set
            to the value of the parent category's bl-match-direction at
            the time the category was added to the policy.

        log-blacklist-whitelist-hit
            Specifies whether a log message is generated when the packet
            is categorized with this blacklist category and the packet's
            IP address is also listed in a whitelist.

    feed-lists
        Adds, deletes, or replaces feed lists. Specifies the list of feed
        lists (see security ip-intelligence feed-list) against which the
        packet is compared.

    default-action
        Specifies the default enforcement action that is applied to a
        matched packet unless a category-specific action is configured
        for one of the blacklist categories with which the packet's IP
        address is categorized. If the packet's IP address is listed in
        a whitelist, the action is always accept.

    default-log-blacklist-hit-only
        Specifies the default blacklist-hit-only logging setting that
        applies to a matched packet unless a category-specific setting is
        configured for one of the blacklist categories with which the
        packet's IP address is categorized.

    default-log-blacklist-whitelist-hit
        Specifies the default blacklist-and-whitelist-hit logging setting
        that applies to a matched packet unless a category-specific
        setting is configured for one of the blacklist categories with
        which the packet's IP address is categorized.
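The OPTIONS above describe how a per-packet decision is derived from the policy: category settings of use-policy-setting fall back to the policy defaults, the most restrictive action wins when several categories match, a whitelisted IP is always accepted, and which log flag applies depends on whitelist membership. The following is an added example, not F5 code and not part of the man page, that models those documented rules so the interaction of the settings can be checked offline. The policy objects, category names (other than Spyware, which the page's own example uses) and packet lookups are constructed for the example; the evaluate() function is hypothetical and only models the semantics stated in the text.

```python
# Added example: a model of the documented ip-intelligence policy semantics.
# Not F5 code. POL1 mirrors the man page's "create policy pol1" example;
# POL2 and the category names cat_a/cat_b/other_category are constructed.
from dataclasses import dataclass, field

USE_POLICY = "use-policy-setting"


@dataclass
class Category:
    """Per-blacklist-category settings (all default to use-policy-setting)."""
    action: str = USE_POLICY                      # accept | drop | use-policy-setting
    log_blacklist_hit_only: str = USE_POLICY      # yes | no | use-policy-setting
    log_blacklist_whitelist_hit: str = USE_POLICY # yes | no | use-policy-setting


@dataclass
class Policy:
    """Policy-wide defaults plus the explicitly configured categories."""
    default_action: str = "accept"                    # accept | drop
    default_log_blacklist_hit_only: str = "no"        # yes | no
    default_log_blacklist_whitelist_hit: str = "no"   # yes | no
    blacklist_categories: dict = field(default_factory=dict)


def _resolve(category_value: str, policy_default: str) -> str:
    """use-policy-setting falls back to the policy default; anything else wins."""
    return policy_default if category_value == USE_POLICY else category_value


def evaluate(policy: Policy, hit_categories: list, whitelisted: bool) -> tuple:
    """Return (action, log) for a packet whose IP matched `hit_categories`.

    Rules modelled from the man page:
      * a whitelisted IP is always accepted;
      * a category's action falls back to default-action when it is
        use-policy-setting; with several categories, drop beats accept;
      * categories not configured in the policy use the policy defaults;
      * log-blacklist-hit-only applies when the IP is not whitelisted,
        log-blacklist-whitelist-hit when it is; either resolves the same
        way and a message is logged if any matched category says yes.
    """
    if not hit_categories:
        return "accept", False  # no blacklist hit: this policy has nothing to do
    cats = [policy.blacklist_categories.get(name, Category()) for name in hit_categories]
    if whitelisted:
        action = "accept"
        log = any(_resolve(c.log_blacklist_whitelist_hit,
                           policy.default_log_blacklist_whitelist_hit) == "yes"
                  for c in cats)
    else:
        actions = {_resolve(c.action, policy.default_action) for c in cats}
        action = "drop" if "drop" in actions else "accept"  # most restrictive wins
        log = any(_resolve(c.log_blacklist_hit_only,
                           policy.default_log_blacklist_hit_only) == "yes"
                  for c in cats)
    return action, log


# Mirrors the man page example "create policy pol1 { ... }".
POL1 = Policy(
    default_action="drop",
    default_log_blacklist_hit_only="yes",
    default_log_blacklist_whitelist_hit="no",
    blacklist_categories={
        "Spyware": Category(action=USE_POLICY,
                            log_blacklist_hit_only=USE_POLICY,
                            log_blacklist_whitelist_hit="yes"),
    },
)

# Constructed policy showing "most restrictive action wins" across categories.
POL2 = Policy(
    default_action="accept",
    blacklist_categories={
        "cat_a": Category(action="accept"),
        "cat_b": Category(action="drop"),
    },
)

if __name__ == "__main__":
    # Constructed packet lookups: (policy, categories the IP fell into, whitelisted?)
    for pol, cats, wl in [(POL1, ["Spyware"], False),
                          (POL1, ["Spyware"], True),
                          (POL1, ["other_category"], True),
                          (POL2, ["cat_a", "cat_b"], False)]:
        print(cats, "whitelisted" if wl else "not whitelisted", "->", evaluate(pol, cats, wl))
```

Running the block walks the page's pol1 example: a Spyware hit from a non-whitelisted IP is dropped and logged through the policy defaults, the same hit from a whitelisted IP is accepted but still logged because the category overrides log-blacklist-whitelist-hit to yes, and an unconfigured category on a whitelisted IP is accepted without a log entry because the policy default for that flag is no.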
SEE ALSO
    create, edit, list, modify, security ip-intelligence feed-list,
    security log profile, tmsh
COPYRIGHT
    No part of this program may be reproduced or transmitted in any form or
    by any means, electronic or mechanical, including photocopying,
    recording, or information storage and retrieval systems, for any
    purpose other than the purchaser's personal use, without the express
    written permission of F5 Networks, Inc.

    F5 Networks and BIG-IP (c) Copyright 2008, 2012-2013, 2015-2016. All
    rights reserved.
BIG-IP    2016-03-14    security ip-intelligence policy(1)