security ip-intelligence policy
security ip-intelligence policy(1) BIG-IP TMSH Manual security ip-intelligence policy(1)
NAME
policy - Configures an ip-intelligence policy. It's comprised of three logical groups of settings: list of
feed lists, enforcement and logging settings per blacklist category, and default enforcement and logging
settings for blacklist categories.
MODULE
security ip-intelligence
SYNTAX
Configure the policy component within the security ip-intelligence module using the syntax in the following
sections.
CREATE/MODIFY
create policy [name]
modify policy [name]
options:
app-service [name]
description [string]
blacklist-categories [add | default | delete | replace-all-with] {
[name] {
action [accept | drop | use-policy-setting]
app-service none
description none
log-blacklist-hit-only [no | yes | use-policy-setting]
log-blacklist-whitelist-hit [no | yes | use-policy-setting]
match-direction-override [match-destination | match-source | match-source-and-destination]
}
}
feed-lists [add | default | delete | replace-all-with] { [name] }
default-action [accept | drop]
default-log-blacklist-hit-only [ no | yes ]
default-log-blacklist-whitelist-hit [ no | yes ]
edit policy
options:
all-properties
non-default-properties
DISPLAY
list policy [ [ [name] | [glob] | [regex] ] ... ]
show running-config policy
show running-config policy [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
partition
recursive
DESCRIPTION
You can use the policy component to configure a shareable and reusable enforcement and logging settings on
Dynamic White/Black lists of IPs coming from downloaded feeds. The policy can then be enforced on a number of
configuration objects of the following types: ltm virtual, security ip-intelligence global-policy, net route-
domain.
EXAMPLES
create policy pol1 {
blacklist-categories add {
Spyware {
action use-policy-setting
app-service none
description none
log-blacklist-hit-only use-policy-setting
log-blacklist-whitelist-hit yes
}
}
feed-lists add { alist1 alist2 }
default-action drop
default-log-blacklist-hit-only yes
default-log-blacklist-whitelist-hit no
description none
feed-lists none
partition Common }
Creates a policy pol1 with feeds from alist1 and alist2 feed lists, specific enforcement and logging settings
for Spyware blacklist category and policy default settings for other categories.
modify policy pol1 { feed-lists delete { alist2 } }
Removes the feed-list alist2 from the policy pol1.
list policy
Displays the current list of ip-intelligence policies contents.
OPTIONS
app-service
Specifies the application service to which the object belongs. The default value is none. Note: If the
strict-updates option is enabled on the Application Service that owns the object, you cannot modify or
delete the object. Only the Application Service can modify or delete the object.
description
User defined description.
partition
Displays the administrative partition within which the component resides.
blacklist-categories
Adds, deletes, or replaces blacklist categories.
action
Specifies what enforcement action will be applied if the packet is categorized with this blacklist
category. If the packet is categorized with more than one blacklists the most restrictive action
will be applied.
log-blacklist-hit-only
Specifies if a log message will be generated if the packet is categorized with this blacklist and
the packet's IP listed in no whitelists.
match-direction-override
Overrides the current IP match direction setting for a category. If this value has not been
overridden, it will be set to the value of the parent category's bl-match-direction at the time that
the category was added to the policy.
log-blacklist-whitelist-hit
Specifies if a log message will be generated if the packet is categorized with this blacklist and
the packet's IP is listed in a whitelist.
feed-lists
Adds, deletes, or replaces a feed list. Specifies a list of feed lists (see security ip-intelligence
feed-list) against which the packet will be compared.
default-action
Specifies a default enforcement action which will be performed on the matched packet unless an implicit
action specified for one of the blacklist categories the packet's IP is categorized with. If the packet's
IP is listed in a white list the action is always accept.
default-log-blacklist-hit-only
Specifies a default blacklist hit only logging action which will be performed on the matched packet
unless an implicit action specified for one of the blacklist categories the packet's IP is categorized
with.
default-log-blacklist-whitelist-hit
Specifies a default blacklist and whitelist hit logging action which will be performed on the matched
packet unless an implicit action specified for one of the blacklist categories the packet's IP is
categorized with.
SEE ALSO
create, edit, list, modify, security ip-intelligence feed-list, security log profile, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008, 2012-2013, 2015-2016. All rights reserved.
BIG-IP 2016-03-14 security ip-intelligence policy(1)