address-list
ip/firewall/address-list
Type: Directory
Firewall address lists allow a user to create lists of IP addresses grouped together under a common name. Firewall filter, mangle, and NAT facilities can then use those address lists to match packets against them.
The address list records can also be updated dynamically via the action=add-src-to-address-list or action=add-dst-to-address-list items found in NAT, Mangle, and Filter facilities.
Firewall rules with action add-src-to-address-list or add-dst-to-address-list work in passthrough mode, which means that the matched packets will be passed to the next firewall rules.
| Flag | Name | Description |
|---|---|---|
| X | disabled | disabled |
| D | dynamic | dynamic |
| Argument | Type | Description |
|---|---|---|
| list ( mandatory ) | enum | Name of the address list where the IP address will be added. |
| address | alt { ipRange , string } | A single IP address or range of IPs to add to the address list, or a DNS name. You can input, for example, 192.168.0.0-192.168.1.255 and it will auto-modify the typed entry to 192.168.0.0/23 on saving. IP-IP ranges are supported only for IPv4 addresses. |
| timeout | time | Time after which the address will be removed from the address list. If the timeout is not specified, the address will be stored in the address list permanently otherwise the address will be stored in RAM and will be removed after a system's reboot. |
| dynamic | bool | Whether the entry is dynamically created. |
| Read-only Argument | Type | Description |
|---|---|---|
| creation-time | date | The time when the entry was created. |