Applies To: BIG-IQ Security 4.5.0
About rules and rule lists
Rule lists are containers for rules, which are run in the order they appear in their assigned rule list. A rule list can contain thousands of ordered rules, but cannot be nested inside another rule list. You can reorder rules in a given rule list at any time.
With BIG-IQ Network Security, you can manage rules and rule lists from the Rule Lists option (Policy Editor > Rule Lists). You can also create rules and add rule lists from the Contexts and the Policies options. You can import and manage rules (and/or rule lists) from BIG-IP devices. Furthermore, you can define rules and rule lists within BIG-IQ Network Security, and then deploy them back to the BIG-IP device.
You can define a list of rules for a specific firewall and/or refer to one or more shared rule lists by name from other firewalls.
Network firewalls use rules and rule lists to specify traffic-handling actions. The network software compares IP packets to the criteria specified in rules. If a packet matches the criteria, then the system takes the action specified by the rule. If a packet does not match any rule from the list, the software accepts the packet or passes it to the next rule or rule list. For example, the system compares the packet to self IP rules if the packet is destined for a network associated with a self IP address that has firewall rules defined.
A packet must pass all tests to match successfully. For example, to match against a source subnet and several destination ports, a packet must originate from the given subnet and also have one of the specified destination ports.
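The matching semantics described above (ordered rules, every criterion of a rule must match, any one value of a multi-valued criterion such as destination ports is enough, and the first matching rule decides) as an added, simplified model in Python. This is example code, not F5's implementation; the rule fields, the sample rule list and the sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

# Added example, not BIG-IQ/BIG-IP code: a minimal evaluator for an ordered
# rule list. Criteria within one rule are ANDed; values within a multi-valued
# criterion (destination ports) are ORed. First match wins; a packet that
# matches no rule falls through to the caller's default.


@dataclass
class Rule:
    name: str
    action: str                                  # e.g. "accept", "drop"
    src: Optional[str] = None                    # source subnet (CIDR); None = any
    dst_ports: FrozenSet[int] = frozenset()      # empty = any destination port
    proto: Optional[str] = None                  # "tcp"/"udp"; None = any

    def matches(self, pkt: Dict[str, object]) -> bool:
        """Return True only if every criterion this rule specifies is satisfied."""
        if self.src is not None:
            if ipaddress.ip_address(str(pkt["src"])) not in ipaddress.ip_network(self.src):
                return False
        if self.dst_ports and pkt["dport"] not in self.dst_ports:
            return False
        if self.proto is not None and pkt["proto"] != self.proto:
            return False
        return True


def evaluate(rule_list: List[Rule], pkt: Dict[str, object],
             default: str = "fallthrough") -> Tuple[str, Optional[str]]:
    """Walk the rule list in order; return (action, rule name) of the first match."""
    for rule in rule_list:
        if rule.matches(pkt):
            return rule.action, rule.name
    return default, None


# Constructed sample rule list: web from the LAN subnet is accepted, SSH from
# anywhere is dropped, everything else falls through to the next list/context.
RULES = [
    Rule("allow-web-from-lan", "accept", src="10.1.0.0/16",
         dst_ports=frozenset({80, 443}), proto="tcp"),
    Rule("deny-ssh", "drop", dst_ports=frozenset({22}), proto="tcp"),
]

if __name__ == "__main__":
    for pkt in ({"src": "10.1.5.9", "dport": 443, "proto": "tcp"},
                {"src": "10.1.5.9", "dport": 22, "proto": "tcp"},
                {"src": "192.0.2.7", "dport": 443, "proto": "tcp"}):
        print(pkt, "->", evaluate(RULES, pkt))
```

Reordering the list changes outcomes: a broad deny rule placed ahead of "allow-web-from-lan" shadows it, which is why the ordering controls in the Rule List frame matter.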
Rules and rule lists can be applied to all firewall types, such as:
- Global
- Route domain
- Virtual server
- Self IP
- Management IP (rules only, no iRule or geolocation support)
Filtering rule lists
To filter the system interface to display only those objects related to a selected rule list, hover over the rule list name, right-click and then click Filter 'related to'. The interface is filtered and a count appears to the right of each object type. The frame to the right provides its own filter field where you can enter text and click on the filter icon to constrain the display to those items that match the filter.
Creating rules
Reordering rules in rule lists
Removing rules
- You remove a rule based on the object that you remove it from:
  - From a rule list: In the left pane, expand Rule Lists and click the name of the rule list containing the rule that you want to delete. This opens the Rule List frame, which provides access to the Properties and Rules options.
  - From a firewall context: In the left pane, expand Contexts and click the name of the context containing the rule that you want to delete. This opens the Properties frame, which provides access to the Properties, Enforced and Staged options. Then select Enforced or Staged as appropriate.
  - From a policy: In the left pane, expand Policies and click the name of the policy containing the rule that you want to delete. The Policy frame opens and provides access to the Properties and Rules & Rule Lists options. Select Rules & Rule Lists.
- Click Edit to lock for editing.
- Hover over the row containing the rule, and right-click.
- Select Delete Rule and confirm the deletion.
- Click Save to save your changes.
Adding rule lists
Editing rule lists
Clearing fields in rules
- Log in to BIG-IQ Network Security.
- Click Object Editor.
- Expand Rule Lists and click the name of a rule list that you want to edit.
- Click Edit to lock for editing.
- Click the Rules tab to ensure it is selected.
- Locate the rule containing the fields whose contents you want to remove.
- Not all fields can be cleared, but you can remove the contents of these fields as follows:
  - Address (source or destination): Hover over the text in the field, right-click, and select Remove item.
  - Port (source or destination): Hover over the text in the field, right-click, and select Remove item.
  - VLAN: Hover over the text in the field, right-click, and select Remove item.
  - iRule: Hover over the text in the field, right-click, and select Remove item.
  - Description: Hover over the text in the field, right-click, and select Remove item.
- Click Save to save your changes.
- When you are finished, click Save and Close to save your edits, clear the lock, and exit the panel.
Cloning rule lists
Removing rule lists
Rule properties
The following table lists and describes the properties required when configuring network firewall rules.