security firewall user-listΒΆ

security firewall user-list(1)			  BIG-IP TMSH Manual		       security firewall user-list(1)

NAME
       user-list - Configures a user-list for use by firewall rules. A firewall rule can match a packet sourced from
       a particular user against one of the users or user-groups in a user list, and can take some action (such as
       ACCEPT or DROP) for a matching packet. An incoming packet's source IP address is matched in user identity
       database to get the user and group properties which are then used to perform the rule match.

MODULE
       security firewall

SYNTAX
   CREATE/MODIFY
	create user-list [name]
	modify user-list [[name] | all]
	 options:
	  app-service [name]
	  description [string]
	  user-groups [add | delete | modify | replace-all-with] {
	   [ [user group names...] ]
	  }
	  users [add | delete | modify | replace-all-with] {
	   [ [user names...] ]
	  }

	edit user-list [[name] | all]
	  options:
	    all-properties
	    non-default-properties

   DISPLAY
	list user-list [[name] | all | [property]]

   DELETE
	delete user-list [[name] | all]

DESCRIPTION
       You can use the user-list component to define reusable lists of user or user-group names for various firewall
       rules. The network software compares a packet's source user (mapped by incoming source IP address) and group
       that user belong to, against users (or user-groups) in this list. You can assign a user list to the firewall
       rules in net self, net route-domain, security firewall global-rules, security firewall rule-list, and ltm
       virtual firewall rules.

EXAMPLES
       create user-list u-list1 users add { olympus\xyz }

       Creates a new user list named u-list1 with one user named xyz in domain olympus.

       create user-list u-list2 user-groups add { olympus\eng }

       Creates a new user list named u-list2 with one group named eng in domain olympus.

       list user-list

       Shows all the user lists configured in the system.

OPTIONS
       app-service
	    Associates this user list with a particular Application Service. An Application Service is a major
	    component of an iApp, an advanced configuration tool for creating and maintaining similar applications on
	    multiple servers. The asm module has components for working with iApps.

       description
	    Your description for the user list.

       user-groups
	    Specifies a list of user groups to compare against the groups a user belongs to (which is mapped from the
	    source IP address).

       users
	    Specifies a list of users to compare against a packet's source user (which is mapped from the source IP
	    address).

SEE ALSO
       edit, list, modify, net self, net route-domain, security firewall address-list, security firewall rule-list,
       security firewall global-rules, tmsh

COPYRIGHT
       No part of this program may be reproduced or transmitted in any form or by any means, electronic or
       mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
       other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.

       F5 Networks and BIG-IP (c) Copyright 2008, 2012-2013, 2015-2016. All rights reserved.

BIG-IP						      2016-03-14		       security firewall user-list(1)