security firewall matching-rule
security firewall matching-rule(1) BIG-IP TMSH Manual security firewall matching-rule(1)
NAME
matching-rule - Shows the best-match firewall rule among all administrator-configured Network Firewall rules
in the different contexts (global, route-domain, VIP/SelfIP) for a given source/destination IP address and
port, protocol, and user-configured VLAN name. You can only use the show command with this component.
MODULE
security firewall
SYNTAX
show matching-rule
    dest-addr [IP address]
    source-addr [IP address]
    dest-port [TCP/UDP port]
    source-port [TCP/UDP port]
    protocol [protocol]
    vlan [vlan name]
DESCRIPTION
Given a user-provided VLAN, source/destination IP addresses, TCP/UDP ports and protocol, the command tries to
match these parameters against the user-configured ACL rules in the global, route domain, and VIP/SelfIP
contexts, and returns the best-match rules. Both IPv4 and IPv6 addresses and all possible protocols are
supported. This command can be used as a diagnostic tool to troubleshoot BIG-IP firewall configuration
problems. It provides a faster way to identify which ACL rule will affect the specified packet stream.
EXAMPLES
# show security firewall matching-rule dest-addr 1.1.1.1 dest-port 140 source-addr 2.2.2.2 source-port 141 protocol 10 vlan /Common/internal
Firewall Matching Rule:
-----------------------------------------------------------
Context Type Context Name Policy Name Rule Name Action
-----------------------------------------------------------
Global globalrule Accept
Total records returned: 1
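The output above can be turned into a pass/fail check when reviewing ACL changes. The shell functions below are
an added example, not part of the F5 manual: the function names are hypothetical, tmsh is assumed to be invoked
from the BIG-IP bash prompt, and Rule Name and Action are assumed to be the last two whitespace-separated fields
of each result row. The sample output is constructed from the example above.

```shell
#!/bin/sh
# Added example (not F5 code). Typical use on the device, assuming tmsh is on PATH:
#   tmsh show security firewall matching-rule dest-addr 1.1.1.1 dest-port 140 \
#       source-addr 2.2.2.2 source-port 141 protocol 10 vlan /Common/internal \
#       | expect_action Accept

# Read matching-rule output on stdin and print "<rule name> <action>" per row.
# Assumption: result rows follow the second dashed line, and the last two
# fields of a row are Rule Name and Action (rule names without spaces).
# Fails if the row count disagrees with "Total records returned", which
# catches truncated or otherwise unexpected output.
parse_match() {
    awk '
        /^ *-+ *$/                 { dashes++; next }
        /^Total records returned:/ { total = $NF; seen = 1; next }
        dashes >= 2 && NF >= 3     { print $(NF-1), $NF; rows++ }
        END { exit !(seen && rows + 0 == total + 0) }
    '
}

# Succeed only if at least one rule matched and every returned rule
# carries the expected action (compared as an exact string).
expect_action() {
    want=$1
    matches=$(parse_match) || return 1
    [ -n "$matches" ] || return 1
    printf '%s\n' "$matches" |
        awk -v want="$want" '$2 != want { bad = 1 } END { exit bad + 0 }'
}

# Constructed sample: the output shown in the EXAMPLES section.
sample_output() {
    cat <<'EOF'
Firewall Matching Rule:
-----------------------------------------------------------
Context Type Context Name Policy Name Rule Name Action
-----------------------------------------------------------
Global globalrule Accept
Total records returned: 1
EOF
}

sample_output | parse_match
```

A non-zero exit status from expect_action means the flow matched no rule, matched a rule with a different action,
or the output could not be parsed consistently.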
SEE ALSO
show, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2013. All rights reserved.
BIG-IP 2013-04-09 security firewall matching-rule(1)