security ip-intelligence feed-list
security ip-intelligence feed-list(1) BIG-IP TMSH Manual security ip-intelligence feed-list(1)
NAME
feed-list - Configures a feed-list for use by firewall. A feed-list is a list of URL feeds from where files
are downloaded and the contents (IP-address prefixes) are compared against the source-IP address and/or
destination-IP address in an IP packet by DWBL (Dynamic White/Black lists) by IP-Intelligence.
MODULE
security ip-intelligence
SYNTAX
Configure the feed-list component within the security ip-intelligence module using the syntax in the following
sections.
CREATE/MODIFY
create feed-list [name]
modify feed-list [[name] | all]
options:
feeds [add | delete | modify | replace-all-with] {
name [string] {
options:
default-blacklist-category [string]
default-list-type [whitelist | blacklist]
poll {
interval [integer]
user [string]
url [string]
password [string]
}
}
}
app-service [name]
description [string]
edit feed-list [[name] | all]
options:
all-properties
non-default-properties
load feed-list [[name] | all] feeds { name [string] }
DISPLAY
list feed-list [[name] | all | [property]]
show running-config feed-list [[name] | all | [property]]
options:
all-properties
non-default-properties
one-line
partition
recursive
DELETE
delete feed-list [[name] | all]
DESCRIPTION
You can use the feed-list component to define reusable lists of feeds. You can use a feed list in a security
ip-intelligence policy. A policy compares all of the addresses in the list (downloaded from a file at the
specified url) to either the source or destination IP in the packet, depending on how you apply the list. If
there is a match, the ip-intelligence policy takes an action, such as accepting or dropping the packet.
EXAMPLES
create feed-list alist1 feeds add { poll { url http://f5.com/bl.txt }
Creates a new feed list, "alist1," with IPv4/IPv6 addresses in the file downloaded from the specified url.
modify feed-list alist1 feeds modify { description "DWBL file from f5.com" }
Modifies the above feed list with a description.
modify feed-list alist1 feeds modify { poll { url https://f5.com/bl.txt }
Modifies the same feed by changing the protocol.
list feed-list alist1
security ip-intelligence feed-list alist1 {
feeds {
url2 {
poll {
url https://f5.com/bl.txt
user user1
password user1_pwd
}
}
description "DWBL file from f5.com"
}
}
Shows the modified feed list.
load feed-list alist1 alist2 feeds { feed1 feed2 }
Immediately downloads and updates feeds feed1 and feed2 of feed lists alist1 and alist2.
OPTIONS
feeds
Adds, deletes, or replaces feeds. You can configure the following options for a feed:
name Specifies a name for a feed. This option is required for the operations create, delete, modify, and
replace-all-with.
add Creates a new feed list.
delete
Deletes the feed list that you specify next, in curly braces ({}).
modify
Makes it possible to replace the optional description(s) for the feed list.
replace-all-with
Replaces the current set of feed list with the a new one that you specify next, in curly braces
({}).
default-list-type
Specifies a default type for this specific entry whether it is a blacklist or whitelist
whitelist
Specifies that this entry is a whitelist.
blacklist
Specifies that this entry is a blacklist.
default-blacklist-category
Default blacklist category type for all blacklist entries that do not have a corresponding
category string (eg. Botnet, Spyware, Malware)
poll You can configure the following options under this:
interval
Specifies the frequency at which the url needs to be polled.
user Specifies the user which is used when downloading the url.
url Specifies the URL from where the white/black list will be downloaded. Note: Route domains
are not supported when specifying the url.
password
Password for the user.
default-list-type
Specifies a default type for this specific entry whether it is a blacklist or whitelist
whitelist
Specifies that this entry is a whitelist.
blacklist
Specifies that this entry is a blacklist.
app-service
Specifies the application service to which the object belongs. The default value is none. Note: If
the strict-updates option is enabled on the Application Service that owns the object, you cannot
modify or delete the object. Only the Application Service can modify or delete the object.
default-blacklist-category
Default blacklist category type for all blacklist entries that do not have a corresponding category
string (eg. Botnet, Spyware, Malware)
description
User defined description for this feed list.
partition
Displays the administrative partition within which the component resides.
SEE ALSO
edit, list, modify, net self, net route-domain, security ip-intelligence global-policy, security ip-
intelligence, ltm virtual, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008, 2012-2013, 2016. All rights reserved.
BIG-IP 2016-03-14 security ip-intelligence feed-list(1)