
Firewall rules without the use of address and port lists

Open · Tobse95 opened this issue 1 year ago · 1 comment

Is your feature request related to a problem? Please describe.

We use AFM with AS3 to manage our firewall rules on the Service Forwarding virtual servers. In our firewall infrastructure we have a very large set of rules. At the moment, firewall rules can only be created using address lists and port lists. This creates enormous overhead in our config and automation because we have many different communication relationships due to the different rules.

Describe the solution you'd like

We would like to create firewall rules in a firewall rule list without the use of address and port lists (like in the GUI). At the moment:

```json
{
    "fwRuleList": {
        "class": "Firewall_Rule_List",
        "rules": [
            {
                "protocol": "tcp",
                "name": "tcpAllow",
                "loggingEnabled": true,
                "destination": {
                    "portLists": [
                        {
                            "use": "fwAllowedPortList"
                        }
                    ]
                },
                "source": {
                    "addressLists": [
                        {
                            "use": "fwAllowedAddressList"
                        }
                    ]
                },
                "action": "accept"
            }
        ]
    }
}
```

I want to do something like that:

```json
{
    "fwRuleList": {
        "class": "Firewall_Rule_List",
        "rules": [
            {
                "protocol": "tcp",
                "name": "tcpAllow",
                "loggingEnabled": true,
                "destination": {
                    "ports": [
                        "443", "80", "6000-6111"
                    ],
                    "addresses": [
                        "10.10.11.0/24"
                    ]
                },
                "source": {
                    "addresses": [
                        "10.10.10.0/24"
                    ]
                },
                "action": "accept"
            }
        ]
    }
}
```

Describe alternatives you've considered

Creating a lot of address and port lists is no alternative.

Additional context

Add any other context, such as the desired tmsh configuration, about the feature request here.

Tobse95 · Jun 14 '24 08:06
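Until AS3 accepts inline addresses and ports, the overhead described in this request can be moved into automation. The following added example (not from the issue author or from the AS3 project) takes rules in the proposed inline form, validates the CIDRs and port ranges, and expands them into per-rule `Firewall_Address_List` / `Firewall_Port_List` objects that the `Firewall_Rule_List` references with `use`; the list class names and the generated object names are assumptions made here.

```python
import ipaddress
from typing import Any

# Constructed sample in the inline form proposed by the issue (not accepted by AS3 today).
PROPOSED_RULES = [
    {
        "protocol": "tcp",
        "name": "tcpAllow",
        "loggingEnabled": True,
        "destination": {"ports": ["443", "80", "6000-6111"], "addresses": ["10.10.11.0/24"]},
        "source": {"addresses": ["10.10.10.0/24"]},
        "action": "accept",
    }
]

def _check_port(spec: str) -> str:
    # Accept "80" or "6000-6111"; reject out-of-range or inverted ranges.
    lo, _, hi = spec.partition("-")
    lo_i, hi_i = int(lo), int(hi or lo)
    if not 0 <= lo_i <= hi_i <= 65535:
        raise ValueError(f"bad port spec {spec!r}")
    return spec

def _check_addr(spec: str) -> str:
    # strict=True rejects prefixes with host bits set (e.g. 10.10.10.1/24).
    return str(ipaddress.ip_network(spec, strict=True))

def expand_rules(rules: list[dict[str, Any]]) -> dict[str, Any]:
    """Rewrite inline source/destination specs into list objects plus "use" references.
    Class names Firewall_Address_List / Firewall_Port_List are assumed AS3 names."""
    out: dict[str, Any] = {}
    new_rules = []
    for rule in rules:
        r = {k: v for k, v in rule.items() if k not in ("source", "destination")}
        for side in ("source", "destination"):
            spec, ref = rule.get(side, {}), {}
            if "addresses" in spec:
                name = f"{rule['name']}_{side}_addr"   # hypothetical naming scheme
                out[name] = {"class": "Firewall_Address_List",
                             "addresses": [_check_addr(a) for a in spec["addresses"]]}
                ref["addressLists"] = [{"use": name}]
            if "ports" in spec:
                name = f"{rule['name']}_{side}_port"
                out[name] = {"class": "Firewall_Port_List",
                             "ports": [_check_port(p) for p in spec["ports"]]}
                ref["portLists"] = [{"use": name}]
            if ref:
                r[side] = ref
        new_rules.append(r)
    out["fwRuleList"] = {"class": "Firewall_Rule_List", "rules": new_rules}
    return out
```

The returned dict is the set of objects to place inside an AS3 application; invalid input raises before any declaration is produced.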