net self-allow

net self-allow(1)				  BIG-IP TMSH Manual				    net self-allow(1)

NAME
       self-allow - Configures the default "allow list" for all self IP addresses on the BIG-IP(r) system when the
       option allow-service of the component self is set to default.

MODULE
       net

SYNTAX
       Modify the self-allow component within the net module using the syntax shown in the following sections.

   MODIFY
	modify self-allow
	  options:
	   defaults [all | none]
	   defaults
	     [add | delete | replace-all-with] {
	       [protocol:port] ...
	   }

	edit self-allow
	 options:
	  all-properties

   DISPLAY
	list self-allow
	show running-config self-allow
	 options:
	   all-properties
	   defaults
	   one-line

   DELETE
	You cannot delete the default allow list.

DESCRIPTION
       You can use the self-allow component to modify or display the default allow list for all self IP addresses on
       the BIG-IP system when the option allow-service of the component self is set to default. The default allow
       list displays which service and protocol ports allow connections from outside the system. The system refuses
       connections made to a service or protocol port that is not on the list.

EXAMPLES
       modify self-allow defaults all

       Sets the default allow list to all. Then, if the value of the option allow-service of the net self component
       is default, the system accepts traffic from all protocol port combinations.

       modify self-allow default replace-all-with { tcp:55 }

       Sets the default "allow list" for all self IP addresses on the system to TCP on port 55.

       list self-allow defaults

       Displays the default "allow list" for all self IP addresses on the system.

OPTIONS
       defaults
	    Specifies to set the default allow list to one of the following:

	    all  Specifies that all protocols and services allow connections from outside the system. Use this option
		 to open the system to complete access.

	    none Specifies that no protocols or services allow connections from outside the system.

	    protocol:port
		 Specifies a list of protocols/services that allow connections from outside the system.

	    replace-all-with
		 Specifies to replace the current protocols and services that allow connections from outside the
		 system with the specified protocols and services.

SEE ALSO
       edit, list, modify, net vlan, net vlan-group, show, tmsh

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or by any means, electronic or
       mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
       other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2008-2010, 2013. All rights reserved.

BIG-IP						      2013-04-12				    net self-allow(1)