security firewall address-list
security firewall address-list(1) BIG-IP TMSH Manual security firewall address-list(1)
NAME
address-list - Configures an address-list for use by firewall rules. An address list is a list of IP-address
prefixes to compare against the source-IP address and/or destination-IP address in an IP packet.
MODULE
security firewall
SYNTAX
CREATE/MODIFY
create address-list [name]
modify address-list [[name] | all]
options:
addresses [add | delete | modify | replace-all-with] {
[ [ip address] ]
}
fqdns [add | delete | replace-all-with] {
[ fully qualified domain names]
}
fqdns none
geo [add | default | delete | replace-all-with] {
[ [country_code[:state_name/city_name] ] ]
}
geo none
app-service [name]
description [string]
edit address-list [[name] | all]
options:
all-properties
non-default-properties
DISPLAY
list address-list [[name] | all | [property]]
show running-config address-list [[name] | all | [property]]
DELETE
delete address-list [[name] | all]
DESCRIPTION
You can use the address-list component to define reusable lists of addresses. You can use an address list in
any of the following firewalls and firewall rule lists: net self, net route-domain, security firewall global-
rules, security firewall rule-list, security firewall management-ip-rules, and ltm virtual. A firewall rule
compares all of the addresses in the list to either the source or destination IP in the packet, depending on
how you apply the list. If there is a match, the firewall rule takes an action, such as accepting or dropping
the packet.
EXAMPLES
create address-list alist1 addresses add { 10.10.1.1 10.10.1.2 192.168.24.0/24 }
Creates a new address list, "alist1," with two IPv4 addresses and one IPv4 subnet.
modify address-list alist1 addresses modify { 10.10.1.1 { description "management IP at wwmed site3" } }
Modifies the above address list with a description for the first address.
modify alist1 geo add { TR:Istanbul }
Modifies the above address list with an addition of a country:city/state.
modify address-list alist1 addresses add { 2001:DB8:a::/64 }
Modifies the same address list by adding an IPv6 subnet.
list address-list alist1
security firewall address-list alist1 {
addresses {
10.10.1.1 {
description "management IP at wwmed site3"
}
10.10.1.2 { }
192.168.24.0/24 { }
2001:db8:a::/64 { }
}
}
Shows the modified address list.
create address-list xyz fqdns add { xyz.com }
Creates a new address list, "xyz" with a single fully qualified domain 'xyz.com'.
modify address-list xyz addresses add { 2001:DB8:a::/64 } fqdns add { abc.com }
Modifies the same address list by adding an IPv6 subnet and another fully qualified domain 'abc.com'.
list address-list xyz
security firewall address-list xyz {
addresses {
2001:db8:a::/64 { }
}
fqdns {
abc.com { }
xyz.com { }
}
}
Shows the above address list 'xyz'.
OPTIONS
addresses
Specifies a list of IP addresses and/or subnets to compare against a packet's source or destination
address. The format for an IPv4 address is a.b.c.d[/prefix]. The general format for an IPv6 address is
a:b:c:d:e:f:g:h[/prefix]; you can shorten this by eliminating leading zeros from each field (for example,
you can shorten "2001:0db7:3f4a:09dd:ca90:ff00:0042:8329" to "2001:db7:3f4a:9dd:ca90:ff00:42:8329"),
and/or by removing the longest contiguous field of zeros (for example, you can shorten
"2001:0:0:0:c34a:0:23ff:678" to "2001::c34a:0:23ff:678"). TMSH accepts any valid text representation of
IPv6 addresses, as defined in RFC 2373 (see ).
The next keyword specifies the action to take with the addresses (add, delete, modify, or replace the
current set of addresses).
add Creates a new address list, which you specify next with IP addresses and/or prefixes in curly braces
({}).
delete
Deletes the address(es) that you specify next, in curly braces ({}).
modify
Makes it possible to replace the optional description(s) for the address(es). You can specify a
description in a nested set of curly braces after each address.
replace-all-with
Replaces the current set of IP addresses with the address(es) that you specify next, in curly braces
({}).
fqdns
Specifies a list of fully qualified domain names to compare against packet's destination IP address
domain.
The next keyword specifies the action to take with the fqdns (add, delete, or replace the current set of
fqdns).
geo Specifies a list of geographic locations that the packet will be compared against.
app-service
Associates this address list with a particular Application Service. An Application Service is a major
component of an iApp, an advanced configuration tool for creating and maintaining similar applications on
multiple servers. The asm module (see asm) has components for working with iApps.
description
Is your description for this address list.
SEE ALSO
edit, list, modify, net self, net route-domain, security firewall global-rules, security firewall management-
ip-rules, security firewall rule-list, ltm virtual, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008, 2012-2013, 2016. All rights reserved.
BIG-IP 2016-03-14 security firewall address-list(1)