View IPs from list in Network Firewall -> IP Intelligence -> Blacklist

buzzkiller · ‎19-Jul-2023

Hello,

How can I view the IPs that are added by me in a custom list in IP Intelligence?

I added manually IPs to a custom list but when I search for the IP in the bar nothing is found. I tried to see the whole list in the terminal but I was not successfully.

I tried from SSH the following commands found in this post: https://community.f5.com/t5/technical-forum/ipi-custom-black-list-category/td-p/75152

tmctl -w120 ip_intelligence_stat shows only lists assigned to virtual servers

tmsh show security ip-intelligence info address x.y.z.k no result

CA_Valli · ‎25-Jul-2023

Hello, if you're trying to understand whether a certain IP address is being listed in one of your Custom blacklist categories, the correct command would be tmsh show security ip-intelligence info address x.y.z.k

One important note, you should give context to the command above - if the IPI policy isn't global but it's only applied to a certain VS or to a certain RD, you should specify the VS name or RD ID in the command

root@(bigip)(cfg-sync Standalone)(Active)(/Common)(tmos)# show security ip-intelligence info virtual-server devcentral address 13.13.13.13
Security::IP Intelligence Address  :  13.13.13.13
  Virtual server context           :  /Common/devcentral
  IP Intelligence Sources          :  User-defined
  Whitelisted (Source)             :  no
  Whitelisted (Destination)        :  no
  Policy Action (Source)           :  drop
  Policy Action (Destination)      :  allow
  Match Type                       :  Source
  Categories (Source) (1)          :    test_custom
  Categories (Destination) (0)
Total records returned: 1
root@(bigip)(cfg-sync Standalone)(Active)(/Common)(tmos)#

I'm not sure if there's a command that can list all IP's , I've tested myself but it looks like

Data Input Error: Wildcard IP Addresses are not supported.

tmctl -w120 ip_intelligence_stat should show counters referring how many times every category was hit, per context.

View solution in original post

Leslie_Hubertus · ‎21-Jul-2023

Hey @buzzkiller - if nobody has replied by Monday, I'll feature your question on the weekly Community Highlights to boost visibility and help get your question answered.

CA_Valli · ‎25-Jul-2023

Hello, if you're trying to understand whether a certain IP address is being listed in one of your Custom blacklist categories, the correct command would be tmsh show security ip-intelligence info address x.y.z.k

One important note, you should give context to the command above - if the IPI policy isn't global but it's only applied to a certain VS or to a certain RD, you should specify the VS name or RD ID in the command

root@(bigip)(cfg-sync Standalone)(Active)(/Common)(tmos)# show security ip-intelligence info virtual-server devcentral address 13.13.13.13
Security::IP Intelligence Address  :  13.13.13.13
  Virtual server context           :  /Common/devcentral
  IP Intelligence Sources          :  User-defined
  Whitelisted (Source)             :  no
  Whitelisted (Destination)        :  no
  Policy Action (Source)           :  drop
  Policy Action (Destination)      :  allow
  Match Type                       :  Source
  Categories (Source) (1)          :    test_custom
  Categories (Destination) (0)
Total records returned: 1
root@(bigip)(cfg-sync Standalone)(Active)(/Common)(tmos)#

I'm not sure if there's a command that can list all IP's , I've tested myself but it looks like

Data Input Error: Wildcard IP Addresses are not supported.

tmctl -w120 ip_intelligence_stat should show counters referring how many times every category was hit, per context.

DevCentral

View IPs from list in Network Firewall -> IP Intelligence -> Blacklist

MFA required on DevCentral