ltm rule
ltm rule(1) BIG-IP TMSH Manual ltm rule(1)
NAME
rule - Configures an iRule for traffic management system configuration.
MODULE
ltm
SYNTAX
Configure the rule component within the ltm module using the syntax shown in the following sections.
CREATE/MODIFY
create rule [name]
edit rule [name]
modify rule [ [ [name] | [glob] | [regex] ] ... ]
Note: When using tmsh, you can only create iRules using the editor, which starts when you use the create or
edit commands. You cannot create an iRule directly on the command line. The vim editor applies the autoindent
and smartindent options. You can toggle on/off paste mode using the F12 key.
Note: You can also edit user metadata associated with an iRule. See the example section for more information.
DISPLAY
list rule
list rule [ [ [name] | [glob] | [regex] ] ... ]
show running-config rule
show running-config rule [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
show rule
show rule [ [ [name] | [glob] | [regex] ] ... ]
options:
(default | exa | gig | kil | meg | peta | raw | tera | yotta | zetta)
field-fmt
mv rule [ [[source-name] [destination-name]] | [[name] to-folder [folder-name]] | [[name...name] to-folder [folder-name]] ]
options:
to-folder
DELETE
delete rule [name]
GENERATE
generate rule [name]
options:
checksum
signature
HELP help rule help rule [ command | event | namespace ] [name]
DESCRIPTION
You cannot edit the system rules that come with the BIG-IP system. However, you can open a system rule in the
editor and use it as a template to create a new rule.
To create a new rule using a system rule as a template:
1. Enter the command sequence edit rule [system rule name].
tmsh opens the system rule in an editor.
2. Change the name of the rule in the editor.
3. Edit the rule and exit the editor.
tmsh checks for syntax errors, and if there are none, it saves the new rule.
For more information about iRules(r), see http://devcentral.f5.com/.
EXAMPLES
list rule
Displays all iRules.
delete rule my_irule
Deletes the iRule named my_irule.
rule my_irule {
when RULE_INIT {
}
priority 1
when SERVER_CONNECTED {
}
timing on
check strict
}
Creates an iRule named my_irule.
generate rule my_irule checksum
Generates a checksum for the rule definition and adds the checksum to the rule.
generate rule my_irule signature signing-key my_key
Generates a signature for the rule definition using the specified private key and adds the signature to the
rule.
Note: For a rule that includes a checksum or signature to successfully load, the rule definition contents must
match the stored checksum or signature. To modify the rule definition and still retain the checksum or
signature, the ignore-verification attribute must be set to true. This is done by editing the rule and adding
the ignore-verification attribute, which allows the modified rule to load and changes the verification status
to Not Verified:
rule my_irule {
when RULE_INIT {}
definition-checksum 7c0dba9aa53e8959042c6cfe041d3d11
ignore-verification true }
Modifies an existing iRule named my_irule by adding a new metadata and modifying an existing metadata:
modify rule my_irule {
when RULE_INIT {}
definition-checksum 7c0dba9aa53e8959042c6cfe041d3d11
metadata replace-all-with {
my_meta { persist false
value "hello"
}
my_meta2 { persist false
value "hello 2"
}
} }
The metadata attribute is the user defined key/value pair. Metadata has the following format:
metadata
[add | delete | modify] {
[metadata_name] {
value [ "value content" ]
persist [ true | false ]
} }>
Deletes a metadata from an iRule:
modify rule my_irule {
when RULE_INIT {}
definition-checksum 7c0dba9aa53e8959042c6cfe041d3d11
metadata delete { my_meta } }
mv /ltm rule /Common/my_rule to-folder /Common/some_folder
Moves an iRule named my_rule to the folder named some_folder, where some_folder has already been created under
/Common.
Note: Please note that you may not move an iRule that has an explicit usage of a configuration object, such as
a pool.
OPTIONS
checksum
Generates a checksum for the rule definition and adds the checksum to the rule. This option is used only
with the generate command.
glob Displays the items that match the glob expression. See help glob for a description of glob expression
syntax.
name Specifies a unique name for the component. This option is required for the create, delete, and modify
commands.
regex
Displays the items that match the regular expression. The regular expression must be preceded by an at
sign (@[regular expression]) to indicate that the identifier is a regular expression. See help regex for
a description of regular expression syntax.
signature
Generates a signature for the rule definition using the specified private key and adds the signature to
the rule as a property. This option is used only with the generate command.
signing-key
Specifies the private key to use for signing the rule. This is used only with the signature option.
meta-data
Specifies the user-defined key/value pair associated with the rule. See the example section for usage
format.
app-project
Specifies the dev plugin this rule belongs to. This is a read-only attribute.
SEE ALSO
create, delete, edit, generate, glob, list, modify, mv, regex, show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2010, 2012-2013. All rights reserved.
BIG-IP 2015-10-07 ltm rule(1)