Forum Discussion

buzzkiller's avatar
buzzkiller
Icon for Altostratus rankAltostratus
Jul 20, 2023
Solved

View IPs from list in Network Firewall -> IP Intelligence -> Blacklist

Hello,

How can I view the IPs that are added by me in a custom list in IP Intelligence?

I added manually IPs to a custom list but when I search for the IP in the bar nothing is found. I tried to see the whole list in the terminal but I was not successfully.

I tried from SSH the following commands found in this post: https://community.f5.com/t5/technical-forum/ipi-custom-black-list-category/td-p/75152

tmctl -w120 ip_intelligence_stat shows only lists assigned to virtual servers

tmsh show security ip-intelligence info address x.y.z.k no result

 

  • Hello, if you're trying to understand whether a certain IP address is being listed in one of your Custom blacklist categories, the correct command would be tmsh show security ip-intelligence info address x.y.z.k

    One important note, you should give context to the command above - if the IPI policy isn't global but it's only applied to a certain VS or to a certain RD, you should specify the VS name or RD ID in the command 

    root@(bigip)(cfg-sync Standalone)(Active)(/Common)(tmos)# show security ip-intelligence info virtual-server devcentral address 13.13.13.13
    Security::IP Intelligence Address  :  13.13.13.13
      Virtual server context           :  /Common/devcentral
      IP Intelligence Sources          :  User-defined
      Whitelisted (Source)             :  no
      Whitelisted (Destination)        :  no
      Policy Action (Source)           :  drop
      Policy Action (Destination)      :  allow
      Match Type                       :  Source
      Categories (Source) (1)          :    test_custom
      Categories (Destination) (0)
    Total records returned: 1
    root@(bigip)(cfg-sync Standalone)(Active)(/Common)(tmos)#
    

     

    I'm not sure if there's a command that can list all IP's , I've tested myself but it looks like 

    Data Input Error: Wildcard IP Addresses are not supported.
    

     

    tmctl -w120 ip_intelligence_stat   should show counters referring how many times every category was hit, per context.

2 Replies

  • Hello, if you're trying to understand whether a certain IP address is being listed in one of your Custom blacklist categories, the correct command would be tmsh show security ip-intelligence info address x.y.z.k

    One important note, you should give context to the command above - if the IPI policy isn't global but it's only applied to a certain VS or to a certain RD, you should specify the VS name or RD ID in the command 

    root@(bigip)(cfg-sync Standalone)(Active)(/Common)(tmos)# show security ip-intelligence info virtual-server devcentral address 13.13.13.13
    Security::IP Intelligence Address  :  13.13.13.13
      Virtual server context           :  /Common/devcentral
      IP Intelligence Sources          :  User-defined
      Whitelisted (Source)             :  no
      Whitelisted (Destination)        :  no
      Policy Action (Source)           :  drop
      Policy Action (Destination)      :  allow
      Match Type                       :  Source
      Categories (Source) (1)          :    test_custom
      Categories (Destination) (0)
    Total records returned: 1
    root@(bigip)(cfg-sync Standalone)(Active)(/Common)(tmos)#
    

     

    I'm not sure if there's a command that can list all IP's , I've tested myself but it looks like 

    Data Input Error: Wildcard IP Addresses are not supported.
    

     

    tmctl -w120 ip_intelligence_stat   should show counters referring how many times every category was hit, per context.

  • Hey buzzkiller - if nobody has replied by Monday, I'll feature your question on the weekly Community Highlights to boost visibility and help get your question answered.