security firewall user-list
security firewall user-list(1) BIG-IP TMSH Manual security firewall user-list(1)
NAME
user-list - Configures a user-list for use by firewall rules. A firewall rule can match a packet sourced from
a particular user against one of the users or user-groups in a user list, and can take some action (such as
ACCEPT or DROP) for a matching packet. An incoming packet's source IP address is matched in user identity
database to get the user and group properties which are then used to perform the rule match.
MODULE
security firewall
SYNTAX
CREATE/MODIFY
create user-list [name]
modify user-list [[name] | all]
options:
app-service [name]
description [string]
user-groups [add | delete | modify | replace-all-with] {
[ [user group names...] ]
}
users [add | delete | modify | replace-all-with] {
[ [user names...] ]
}
edit user-list [[name] | all]
options:
all-properties
non-default-properties
DISPLAY
list user-list [[name] | all | [property]]
DELETE
delete user-list [[name] | all]
DESCRIPTION
You can use the user-list component to define reusable lists of user or user-group names for various firewall
rules. The network software compares a packet's source user (mapped by incoming source IP address) and group
that user belong to, against users (or user-groups) in this list. You can assign a user list to the firewall
rules in net self, net route-domain, security firewall global-rules, security firewall rule-list, and ltm
virtual firewall rules.
EXAMPLES
create user-list u-list1 users add { olympus\xyz }
Creates a new user list named u-list1 with one user named xyz in domain olympus.
create user-list u-list2 user-groups add { olympus\eng }
Creates a new user list named u-list2 with one group named eng in domain olympus.
list user-list
Shows all the user lists configured in the system.
OPTIONS
app-service
Associates this user list with a particular Application Service. An Application Service is a major
component of an iApp, an advanced configuration tool for creating and maintaining similar applications on
multiple servers. The asm module has components for working with iApps.
description
Your description for the user list.
user-groups
Specifies a list of user groups to compare against the groups a user belongs to (which is mapped from the
source IP address).
users
Specifies a list of users to compare against a packet's source user (which is mapped from the source IP
address).
SEE ALSO
edit, list, modify, net self, net route-domain, security firewall address-list, security firewall rule-list,
security firewall global-rules, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008, 2012-2013, 2015-2016. All rights reserved.
BIG-IP 2016-03-14 security firewall user-list(1)