Manual Chapter : Firewall Rule Addresses and Ports

Applies To:

BIG-IP AFM

  • 11.6.5, 11.6.4, 11.6.3, 11.6.2, 11.6.1

About firewall rule addresses and ports

In a Network Firewall rule, you have several options for defining addresses and ports. You can use one or more of these options to configure the ports and addresses to which a firewall rule applies.

Note: You can use any combination of inline addresses, ports, address lists, and port lists in a firewall rule.

Any (address or port)
    In both Source and Destination address and port fields, you can select Any. This specifies that the firewall rule applies to any address or port.
Inline addresses
    An inline address is an IP address that you add directly to the network firewall rule, in either the Source or Destination Address field. You can specify a single IP address, multiple IP addresses, a contiguous range of IP addresses, or you can identify addresses based on their geographic location. IP addresses can be either IPv4 or IPv6, depending on your network configuration.
Address lists
    An address list is a preconfigured list of IP addresses that you add directly to the BIG-IP® system. You can select this list of addresses to use in either the Source or Destination Address field. An address list can also contain other address lists, and geographic locations.
Inline ports
    An inline port is a port that you add directly to the network firewall rule, in either the Source or Destination Port field. You can add a single port, or a contiguous port range.
Port lists
    A port list is a preconfigured list of ports that you add directly to the BIG-IP system. You can select this list of ports to use in either the Source or Destination Port field. You can also add port lists to other port lists.

About address lists

An address list is simply a collection of addresses saved on the server, including IP addresses, contiguous IP address ranges, geographic locations, and other (nested) address lists. You can define one or more address lists, and you can select one or more address lists in a firewall rule. Firewall address lists can be used in addition to inline addresses that are specified within a particular rule.

Creating an address list

Create an address list to apply to a firewall rule, in order to match IP addresses.
  1. On the Main tab, click Security > Network Firewall > Address Lists.
    The Address Lists screen opens.
  2. Click Create to create a new address list.
  3. In the Name and Description fields, type the name and an optional description.
  4. In the Addresses area, add and remove addresses.
    • To add an IP address, type the address and press Enter.
    • To add an IP address range, type the start and end IP addresses, separated by a dash, and press Enter.
    • To add an existing address list, start typing the name of the address list. A list of items (address lists and geographic locations) will appear. Select the address list and press Enter.
    • To add a geographic location, start typing the name of the geographic location. A list of items (address lists and geographic locations) will appear. Select the geographic location and press Enter.
    • To remove an address, select the address in the Addresses list and click the X.
    Address lists can contain IP addresses, IP address ranges, geographic locations, other address lists, or any combination of these.
  5. Click Finished.
    The list screen and the new item are displayed.
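
An added example (not from this manual, and not BIG-IP code): because address lists can nest other address lists, the effective set of addresses a rule matches is easier to review once the list is flattened. The sketch models address lists as a Python dictionary (an assumed format with constructed names and addresses), expands nested lists and dash-separated ranges, and leaves geographic locations out.

```python
import ipaddress

# Constructed sample data: a hypothetical model of address lists, not an
# export format of the BIG-IP system. Entries use the forms described above:
# a single address, a dash-separated range, or the name of a nested list.
ADDRESS_LISTS = {
    "web_servers": ["10.1.20.10", "10.1.20.20-10.1.20.29"],
    "mgmt_hosts": ["192.0.2.5", "2001:db8::10-2001:db8::1f"],
    "trusted": ["web_servers", "mgmt_hosts", "198.51.100.7"],
}


def parse_entry(entry):
    """Return (first, last) address objects for one address or one range."""
    first, _, last = entry.partition("-")
    lo = ipaddress.ip_address(first.strip())
    hi = ipaddress.ip_address(last.strip()) if last else lo
    if lo.version != hi.version or lo > hi:
        raise ValueError(f"invalid range: {entry}")
    return lo, hi


def flatten(name, lists, _path=()):
    """Expand a list and every list nested in it into (first, last) ranges."""
    if name in _path:
        raise ValueError("circular nesting: " + " > ".join(_path + (name,)))
    ranges = []
    for entry in lists[name]:
        if entry in lists:  # the entry names another address list
            ranges.extend(flatten(entry, lists, _path + (name,)))
        else:
            ranges.append(parse_entry(entry))
    return ranges


def matches(address, name, lists):
    """True if the address falls inside any range the list expands to."""
    ip = ipaddress.ip_address(address)
    return any(lo.version == ip.version and lo <= ip <= hi
               for lo, hi in flatten(name, lists))


def address_count(name, lists):
    """Upper bound on addresses covered (overlapping entries count twice)."""
    return sum(int(hi) - int(lo) + 1 for lo, hi in flatten(name, lists))


if __name__ == "__main__":
    print("trusted covers", address_count("trusted", ADDRESS_LISTS), "addresses")
```

Comparing the count for a list against what its name implies is a quick way to spot a nested list that widens a rule more than intended.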

About port lists

A port list is simply a collection of ports saved on the server. A port list can also contain other port lists. You can define one or more port lists, and you can specify one or more port lists in a firewall rule. Firewall port lists can be used in addition to inline ports, specified within a particular firewall rule or policy.

Creating a port list

Create a port list to apply to a firewall rule, in order to match ports.
  1. On the Main tab, click Security > Network Firewall > Port Lists.
    The Port Lists screen opens.
  2. Click Create to create a new port list.
  3. In the Name and Description fields, type the name and an optional description.
  4. In the Ports area, add and remove ports.
    • To add a single port, type the port number and press the Enter key.
    • To add a contiguous range of ports, type the first port number, a dash, and the last port number, then press the Enter key.
    • To add an existing port list to the current port list, start typing the name of the port list. A list of port lists that match the typed input appears below the field. Select the port list you want to add, then press the Enter key.
    • To remove a port, port range, or port list, select the entry in the Ports area and click the small X to the right of the entry.
  5. Click Finished.
    The list screen and the new item are displayed.