In a Network Firewall rule, you have several options for defining addresses and ports. You can use one or more of these options to configure the ports and addresses to which a firewall rule applies.
You can configure a DNS resolver on the BIG-IP system to resolve DNS queries and cache the responses, and provide the resolved DNS addresses to network firewall rules that use fully qualified domain names (FQDNs). The next time the system receives a query for a response that exists in the cache, the system returns the response from the cache. The resolver cache contains messages, resource records, and the nameservers the system queries to resolve DNS queries.
After you specify a DNS resolver, you specify the DNS resolver in the Network Firewall options, to allow firewall rules to resolve and cache IP addresses from FQDNs.
An address list is simply a collection of addresses saved on the server, including fully qualified domain names, IP addresses, contiguous IP address ranges, geographic locations, and other (nested) address lists. You can define one or more address lists, and you can select one or more address lists in a firewall rule. Firewall address lists can be used in addition to inline addresses that are specified within a particular rule.
A port list is simply a collection of ports saved on the server. A port list can also contain other port lists. You can define one or more port lists, and you can specify one or more port lists in a firewall rule. Firewall port lists can be used in addition to inline ports, specified within a particular firewall rule or policy.