
buzzkiller
Jul 20, 2023
Solved

View IPs from list in Network Firewall -> IP Intelligence -> Blacklist

Hello,

How can I view the IPs that are added by me in a custom list in IP Intelligence?

I manually added IPs to a custom list, but when I search for the IP in the bar nothing is found. I tried to see the whole list in the terminal, but I was not successful.

I tried from SSH the following commands found in this post: https://community.f5.com/t5/technical-forum/ipi-custom-black-list-category/td-p/75152

tmctl -w120 ip_intelligence_stat shows only lists assigned to virtual servers

tmsh show security ip-intelligence info address x.y.z.k: no result

 


2 Replies

  • Hey buzzkiller - if nobody has replied by Monday, I'll feature your question on the weekly Community Highlights to boost visibility and help get your question answered. 

  • Hello, if you're trying to understand whether a certain IP address is being listed in one of your Custom blacklist categories, the correct command would be tmsh show security ip-intelligence info address x.y.z.k

    One important note, you should give context to the command above - if the IPI policy isn't global but it's only applied to a certain VS or to a certain RD, you should specify the VS name or RD ID in the command 

    root@(bigip)(cfg-sync Standalone)(Active)(/Common)(tmos)# show security ip-intelligence info virtual-server devcentral address 13.13.13.13
    Security::IP Intelligence Address  :  13.13.13.13
      Virtual server context           :  /Common/devcentral
      IP Intelligence Sources          :  User-defined
      Whitelisted (Source)             :  no
      Whitelisted (Destination)        :  no
      Policy Action (Source)           :  drop
      Policy Action (Destination)      :  allow
      Match Type                       :  Source
      Categories (Source) (1)          :    test_custom
      Categories (Destination) (0)
    Total records returned: 1
    root@(bigip)(cfg-sync Standalone)(Active)(/Common)(tmos)#
    

     

    I'm not sure if there's a command that can list all IPs. I've tested it myself, but it looks like

    Data Input Error: Wildcard IP Addresses are not supported.

    tmctl -w120 ip_intelligence_stat should show counters referring to how many times every category was hit, per context.
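
Since the thread identifies no command that dumps a whole custom list, one way to audit a set of addresses is to run the per-address lookup from the reply above over a file of IPs and reduce each record to one line. This is an added example, not code from the posts or from F5: `parse_ipi_record` and `check_ipi_list` are hypothetical helper names, and the parser assumes the single-line record layout shown in the reply (the thread does not show how several categories are laid out).

```bash
#!/bin/bash
# Added example: per-address IP Intelligence lookup over a list of IPs.

# Reduce one "show security ip-intelligence info" record (stdin) to a CSV line:
#   address,source-policy-action,source-categories
parse_ipi_record() {
    awk -F '[ \t]+:[ \t]+' '
        { sub(/[ \t\r]+$/, "") }                          # drop trailing blanks / CR
        index($0, "IP Intelligence Address") { addr = $2 }
        index($0, "Policy Action (Source)")  { action = $2 }
        index($0, "Categories (Source)")     { cats = $2 } # empty when the count is (0)
        END { if (addr != "") print addr "," action "," (cats == "" ? "-" : cats) }
    '
}

# Look up every address in FILE (one per line) in the context of virtual
# server VS. An address for which tmsh prints no record is reported as
# "no-record" (assumption: that is what the asker's "no result" looks like).
check_ipi_list() {
    vs=$1
    file=$2
    while IFS= read -r ip; do
        [ -n "$ip" ] || continue                          # skip blank lines
        rec=$(tmsh show security ip-intelligence info virtual-server "$vs" \
                  address "$ip" 2>/dev/null | parse_ipi_record)
        echo "${rec:-$ip,no-record,-}"
    done < "$file"
}

# Constructed sample input: fields copied from the record shown in the reply.
SAMPLE_RECORD='Security::IP Intelligence Address  :  13.13.13.13
  Virtual server context           :  /Common/devcentral
  Policy Action (Source)           :  drop
  Policy Action (Destination)      :  allow
  Categories (Source) (1)          :    test_custom
  Categories (Destination) (0)
Total records returned: 1'

if [ "$#" -eq 2 ]; then
    check_ipi_list "$1" "$2"        # on the BIG-IP: <script> <vs-name> <ip-file>
else
    printf '%s\n' "$SAMPLE_RECORD" | parse_ipi_record     # offline demo
fi
```

Pick the virtual server (or adapt the command to the route domain or global context) that the IPI policy is actually attached to, as the reply notes, otherwise the lookup is evaluated in the wrong context.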