Manual Chapter: About Firewall Rule Addresses and Ports

Applies To:

BIG-IP AFM

  • 11.5.10, 11.5.9, 11.5.8, 11.5.7, 11.5.6, 11.5.5, 11.5.4, 11.5.3, 11.5.2, 11.5.1

About firewall rule addresses and ports

In a network firewall rule, you have several options for defining addresses and ports. You can use one or more of these options to configure the ports and addresses to which a firewall rule applies.

Note: You can use any combination of inline addresses, ports, address lists, and port lists in a firewall rule.

Any (address or port)
In both Source and Destination address and port fields, you can select Any. This specifies that the firewall rule applies to any address or port.
Inline addresses
An inline address is an IP address that you add directly to the network firewall rule, in either the Source or Destination Address field. You can specify a single IP address, multiple IP addresses, a contiguous range of IP addresses, or you can identify addresses based on their geographic location. IP addresses can be either IPv4 or IPv6, depending on your network configuration.
Address lists
An address list is a preconfigured list of IP addresses that you add directly to the BIG-IP® system. You can then select this list of addresses to use in either the Source or Destination Address field. An address list can also contain other address lists and geographic locations.
Inline ports
An inline port is a port that you add directly to the network firewall rule, in either the Source or Destination Port field. You can add a single port, or a contiguous port range.
Port lists
A port list is a preconfigured list of ports that you add directly to the BIG-IP system. You can then select this list of ports to use in either the Source or Destination Port field. You can also add port lists to other port lists.

About address lists

An address list is simply a collection of addresses saved on the server, including IP addresses, IP address ranges, geographic locations, and other (nested) address lists. You can define one or more address lists, and you can select one or more address lists in a firewall rule. Firewall address lists can be used in addition to inline addresses that are specified within a particular rule.

Creating an address list

Create an address list to apply to a firewall rule, in order to match IP addresses.
  1. On the Main tab, click Security > Network Firewall > Address Lists.
    The Address Lists screen opens.
  2. Click Create to create a new address list.
  3. In the Name and Description fields, type the name and an optional description.
  4. In the Addresses area, add and remove addresses.
    • To add an address, type the address and click Add.
    • To remove an address, select the address in the Addresses list and click Delete.
    • To edit an address, select the address in the list and click Edit. The address is removed from the Addresses list and appears in the editing field. Make your changes to the address, and click Add.
    Addresses can be IP addresses, IP address ranges, geographic locations, other address lists, or any combination of these.
  5. Click Finished.
    The list screen and the new item are displayed.
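
Because address lists can nest, the set of addresses a rule actually matches is not visible from the rule alone. The following added example (not F5 code and not part of the manual) flattens a nested address list for review and rejects circular nesting. The list names, sample addresses, and the `list:` / `geo:` entry prefixes are assumptions made for this sketch, not BIG-IP syntax.

```python
import ipaddress

# Constructed sample data (hypothetical names and values, not from the manual).
# Entry kinds mirror the manual: single address, contiguous range,
# geographic location ("geo:"), or a nested address list ("list:").
ADDRESS_LISTS = {
    "web_servers": ["10.1.10.5", "10.1.10.20-10.1.10.29"],
    "partners": ["192.0.2.8-192.0.2.15", "geo:CA"],
    "allowed_src": ["list:web_servers", "list:partners", "2001:db8::10"],
}


def expand(name, lists, _path=()):
    """Flatten a list and everything nested in it into (networks, geo labels)."""
    if name in _path:
        raise ValueError("circular nesting: " + " -> ".join(_path + (name,)))
    nets, geos = [], set()
    for entry in lists[name]:
        if entry.startswith("list:"):
            sub_nets, sub_geos = expand(entry[5:], lists, _path + (name,))
            nets += sub_nets
            geos |= sub_geos
        elif entry.startswith("geo:"):
            # Resolving a location needs a GeoIP source; keep it as a label.
            geos.add(entry[4:])
        elif "-" in entry:
            lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-"))
            # Raises if the range is reversed or mixes IPv4 and IPv6.
            nets += ipaddress.summarize_address_range(lo, hi)
        else:
            nets.append(ipaddress.ip_network(entry))
    return nets, geos


def matches(addr, name, lists):
    """True if addr falls inside the flattened list (geo entries not resolved)."""
    ip = ipaddress.ip_address(addr)
    nets, _ = expand(name, lists)
    return any(ip.version == n.version and ip in n for n in nets)


if __name__ == "__main__":
    nets, geos = expand("allowed_src", ADDRESS_LISTS)
    for n in nets:
        print(n)
    print("unresolved geographic entries:", sorted(geos))
```

Geographic entries are reported separately so a reviewer can see that the list's effective scope is wider than the enumerated networks.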

About port lists

A port list is simply a collection of ports saved on the server. A port list can also contain other port lists. You can define one or more port lists, and you can specify one or more port lists in a firewall rule. Firewall port lists can be used in addition to inline ports, specified within a particular firewall rule or policy.

Creating a port list

Create a port list to apply to a firewall rule, in order to match ports.
  1. On the Main tab, click Security > Network Firewall > Port Lists.
    The Port Lists screen opens.
  2. Click Create to create a new port list.
  3. In the Name and Description fields, type the name and an optional description.
  4. In the Ports area, add and remove ports.
    • To add a single port, select Single Port, then type the port number, and click Add.
    • To add a contiguous range of ports, select Port Range, then type the start and end port in the fields. Click Add to add the range of ports to the port list.
    • To add an existing port list to the current port list, select Port List, then select the predefined port list. Click Add to add the existing port list to the current port list.
    • To remove a port or port list, select the port or port list in the Ports area and click Delete.
    • To edit a port entry, select the port or port range in the list and click Edit. The port or port range is removed from the Ports list and appears in the editing field. Make your changes to the port or port range, and click Add.
  5. Click Finished.
    The list screen and the new item are displayed.