security firewall port-list
security firewall port-list(1) BIG-IP TMSH Manual security firewall port-list(1)
NAME
port-list - Configures a port-list for use by firewall rules. A firewall rule can match a packet's source port
or destination port against one of the ports in a port list, and can take some action (such as ACCEPT or DROP)
for a matching packet.
MODULE
security firewall
SYNTAX
CREATE/MODIFY
create port-list [name]
modify port-list [[name] | all]
options:
app-service [name]
description [string]
ports [add | delete | modify | replace-all-with] {
[ [port] | [port] - [port] ]
}
edit port-list [[name] | all]
options:
all-properties
non-default-properties
DISPLAY
list port-list [[name] | all | [property]]
show running-config port-list [[name] | all | [property]]
DELETE
delete port-list [[name] | all]
DESCRIPTION
You can use the port-list component to define reusable lists of ports for various firewall rules. The network
software compares a packet's source port and/or destination port against ports in this list. You can assign a
port list to the firewall rules in net self, net route-domain, security firewall global-rules, security
firewall rule-list, sys management-ip, and ltm virtual firewall rules.
EXAMPLES
create port-list p-list1 ports add { 80 }
Creates a new port list with one entry.
list port-list
security firewall port-list _sys_self_allow_tcp_defaults {
ports {
domain { }
f5-iquery { }
https { }
snmp { }
ssh { }
}
}
security firewall port-list _sys_self_allow_udp_defaults {
ports {
520 { }
cap { }
domain { }
f5-iquery { }
snmp { }
}
}
security firewall port-list p-list1 {
ports {
http { }
}
}
Shows all the port lists, including the one created in the previous example.
OPTIONS
app-service
Associates this port list with a particular Application Service. An Application Service is a major
component of an iApp, an advanced configuration tool for creating and maintaining similar applications on
multiple servers. The asm module has components for working with iApps.
description
Your description for the port list.
ports
Specifies a list of ports to compare against a packet's source or destination port. Use one of the
keywords below and then specify the port(s) to add or delete. Specify ranges of ports with a dash between
the two ends of the range (for example, 80-88).
add Creates a new port list, which you specify next with port numbers in curly braces ({}).
delete
Deletes the port(s) that you specify next, in curly braces ({}).
modify
Is not supported for this component.
replace-all-with
Replaces the current set of ports with the port(s) that you specify next, in curly braces ({}).
SEE ALSO
edit, list, modify, net self, net route-domain, security firewall address-list, security firewall rule-list,
security firewall global-rules, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008, 2012-2013, 2016. All rights reserved.
BIG-IP 2016-03-14 security firewall port-list(1)