Module 1, Lab 2: Create an AFM Address List
Overview
In this lab, the iControl REST-based API will be used to create an address list that will be used with an AFM policy in a later lab.
Note
- Use Postman to complete this lab.
- Some response content has been removed for brevity.
1.2.1. List all Firewall Policies
Hint
Send a Request with the following details.
Method: GET
URL: https://{{bigip-dev_mgmt}}/mgmt/tm/security/firewall/policy
Headers:
    X-F5-Auth-Token: {{bigip-dev_auth_token}}
Body: (none)
Example Response
Note
- A test policy has already been created on the BIG-IP for demonstration purposes.
{
    "kind": "tm:security:firewall:policy:policycollectionstate",
    "selfLink": "https://localhost/mgmt/tm/security/firewall/policy?ver=13.1.0.8",
    "items": [
        {
            "kind": "tm:security:firewall:policy:policystate",
            "name": "block_all",
            "partition": "Common",
            "fullPath": "/Common/block_all",
            "generation": 5789,
            "selfLink": "https://localhost/mgmt/tm/security/firewall/policy/~Common~block_all?ver=13.1.0.8",
            "rulesReference": {
                "link": "https://localhost/mgmt/tm/security/firewall/policy/~Common~block_all/rules?ver=13.1.0.8",
                "isSubcollection": true
            }
        }
    ]
}
1.2.2. List all Address Lists
Hint
Send a Request with the following details.
Method: GET
URL: https://{{bigip-dev_mgmt}}/mgmt/tm/security/firewall/address-list
Headers:
    X-F5-Auth-Token: {{bigip-dev_auth_token}}
Body: (none)
Example Response
Note
- A test address list has already been created on the BIG-IP for demonstration purposes.
{
    "kind": "tm:security:firewall:address-list:address-listcollectionstate",
    "selfLink": "https://localhost/mgmt/tm/security/firewall/address-list?ver=13.1.0.8",
    "items": [
        {
            "kind": "tm:security:firewall:address-list:address-liststate",
            "name": "test_address_list",
            "partition": "Common",
            "fullPath": "/Common/test_address_list",
            "generation": 6326,
            "selfLink": "https://localhost/mgmt/tm/security/firewall/address-list/~Common~test_address_list?ver=13.1.0.8",
            "addresses": [
                {
                    "name": "1.1.1.1"
                }
            ]
        }
    ]
}
1.2.3. Create an Address List
An HTTP POST to the /mgmt/tm/security/firewall/address-list/ endpoint with a body containing the configuration creates an address list that can be used with a firewall policy.
Hint
Send a Request with the following details.
Method: POST
URL: https://{{bigip-dev_mgmt}}/mgmt/tm/security/firewall/address-list/
Headers:
    Content-Type: application/json
    X-F5-Auth-Token: {{bigip-dev_auth_token}}
Body:
{
    "name": "google-dns_address_list",
    "addresses": [
        { "name": "8.8.4.4" }
    ]
}
Copy the name of the address list you created into the afm_address_list Postman environment variable.
Example Response
{
    "kind": "tm:security:firewall:address-list:address-liststate",
    "name": "google-dns_address_list",
    "partition": "Common",
    "fullPath": "/Common/google-dns_address_list",
    "generation": 11436,
    "selfLink": "https://localhost/mgmt/tm/security/firewall/address-list/~Common~google-dns_address_list?ver=13.1.0.8",
    "addresses": [
        {
            "name": "8.8.4.4"
        }
    ]
}
1.2.4. List a Single Address List
To retrieve the contents of a single address list, send an HTTP GET to the /mgmt/tm/security/firewall/address-list/ endpoint and include the name of the address list in the URL. For example, /mgmt/tm/security/firewall/address-list/google-dns_address_list.
Hint
Send a Request with the following details.
Method: GET
URL: https://{{bigip-dev_mgmt}}/mgmt/tm/security/firewall/address-list/{{afm_address_list}}
Headers:
    X-F5-Auth-Token: {{bigip-dev_auth_token}}
Body: (none)
Example Response
{
    "kind": "tm:security:firewall:address-list:address-liststate",
    "name": "google-dns_address_list",
    "partition": "Common",
    "fullPath": "/Common/google-dns_address_list",
    "generation": 11436,
    "selfLink": "https://localhost/mgmt/tm/security/firewall/address-list/~Common~google-dns_address_list?ver=13.1.0.8",
    "addresses": [
        {
            "name": "8.8.4.4"
        }
    ]
}
1.2.5. Update Address List
An HTTP PATCH to the /mgmt/tm/security/firewall/address-list/{{afm_address_list}} endpoint with a body containing all addresses that should exist in the address list will update this collection.
Warning
When patching an address list, be sure to include all addresses (i.e. both existing and new). The addresses in the request body replace the current contents of the list, so any existing address left out of the body is removed.
Hint
Send a Request with the following details.
Method: PATCH
URL: https://{{bigip-dev_mgmt}}/mgmt/tm/security/firewall/address-list/{{afm_address_list}}
Headers:
    Content-Type: application/json
    X-F5-Auth-Token: {{bigip-dev_auth_token}}
Body:
{
    "name": "google-dns_address_list",
    "addresses": [
        { "name": "1.1.1.1" },
        { "name": "2.2.2.2" },
        { "name": "3.3.3.3" },
        { "name": "4.4.4.4" },
        { "name": "8.8.4.4" }
    ]
}
Example Response
{
    "kind": "tm:security:firewall:address-list:address-liststate",
    "name": "google-dns_address_list",
    "partition": "Common",
    "fullPath": "/Common/google-dns_address_list",
    "generation": 11436,
    "selfLink": "https://localhost/mgmt/tm/security/firewall/address-list/~Common~google-dns_address_list?ver=13.1.0.8",
    "addresses": [
        {
            "name": "1.1.1.1"
        },
        {
            "name": "2.2.2.2"
        },
        {
            "name": "3.3.3.3"
        },
        {
            "name": "4.4.4.4"
        },
        {
            "name": "8.8.4.4"
        }
    ]
}
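The read-merge-write pattern that the warning in 1.2.5 calls for, as an added example that is not part of the original lab: it merges new addresses into the list returned by the GET in 1.2.4 and reports which existing addresses a given PATCH body would remove. The function names and the host-or-CIDR validation of new entries are assumptions of this example, and the sample response is constructed from the lab's own output.

```python
import ipaddress
import json

# Constructed sample: the GET response from step 1.2.4, trimmed to the fields used here.
CURRENT = json.loads(
    '{"name": "google-dns_address_list", "addresses": [{"name": "8.8.4.4"}]}'
)


def normalize(addr):
    """Return a canonical host or CIDR string; raise ValueError otherwise."""
    try:
        return str(ipaddress.ip_address(addr))
    except ValueError:
        # strict=True rejects CIDRs with host bits set, e.g. 10.0.0.1/24
        return str(ipaddress.ip_network(addr, strict=True))


def build_patch_body(current, new_addresses):
    """Merge new addresses into the existing list and return the full PATCH body."""
    names = [entry["name"] for entry in current.get("addresses", [])]
    for addr in new_addresses:
        canonical = normalize(addr)  # assumption: new entries are hosts or CIDRs
        if canonical not in names:   # skip duplicates
            names.append(canonical)
    return {"name": current["name"], "addresses": [{"name": n} for n in names]}


def dropped_addresses(current, body):
    """Pre-flight check: existing addresses that this PATCH body would remove."""
    keep = {entry["name"] for entry in body.get("addresses", [])}
    return sorted(
        e["name"] for e in current.get("addresses", []) if e["name"] not in keep
    )


if __name__ == "__main__":
    body = build_patch_body(CURRENT, ["1.1.1.1", "2.2.2.2", "3.3.3.3", "4.4.4.4"])
    print(json.dumps(body, indent=2))
    # A body holding only the new address would remove 8.8.4.4 from the list
    print(dropped_addresses(CURRENT, {"addresses": [{"name": "1.1.1.1"}]}))
```

Send the dictionary returned by build_patch_body as the body of the PATCH request above, and treat a non-empty result from dropped_addresses as a reason to stop and review before sending.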