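This is one possible approach; I hope it helps.
It still uses a feed, but serves the feed file from the httpd service on the BIG-IP itself, listening only on the loopback address (127.0.0.1:8123) so the feed is not reachable from the network. LogLevel debug and Options Indexes are handy while testing but are not needed to serve the single feeds.txt file.
BE AWARE THAT THIS CONFIG IS NOT officially supported by F5.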
[root@ve3:Active:Standalone] config cat << EOF > /etc/httpd/conf.d/feeds.conf
>
> DocumentRoot /var/feeds
> LogLevel debug
>
> Options Indexes FollowSymLinks MultiViews
> AllowOverride None
>
> KeepAlive Off
>
> Listen 127.0.0.1:8123
> EOF
[root@ve3:Active:Standalone] config cat /etc/httpd/conf.d/feeds.conf
DocumentRoot /var/feeds
LogLevel debug
Options Indexes FollowSymLinks MultiViews
AllowOverride None
KeepAlive Off
Listen 127.0.0.1:8123
[root@ve3:Active:Standalone] config bigstart restart httpd
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
[root@ve3:Active:Standalone] config netstat -anp | grep 8123
tcp 0 0 127.0.0.1:8123 0.0.0.0:* LISTEN 14055/httpd
[root@ve3:Active:Standalone] config mkdir /var/feeds; cat << EOF > /var/feeds/feeds.txt
> 10.2.22.177,32,bl,test_blacklist_category_1
> EOF
[root@ve3:Active:Standalone] config cat /var/feeds/feeds.txt
10.2.22.177,32,bl,test_blacklist_category_1
[root@ve3:Active:Standalone] config tmsh list security ip-intelligence
security ip-intelligence blacklist-category test_blacklist_category_1 { }
security ip-intelligence feed-list test_feed_list {
feeds {
feed_list_1 {
default-blacklist-category test_blacklist_category_1
poll {
url http://127.0.0.1:8123/feeds.txt
}
}
}
}
security ip-intelligence global-policy {
ip-intelligence-policy test_ip_intelligence
}
security ip-intelligence policy ip-intelligence { }
security ip-intelligence policy test_ip_intelligence {
blacklist-categories {
test_blacklist_category_1 {
match-direction-override match-source
}
}
default-log-blacklist-hit-only yes
default-log-blacklist-whitelist-hit yes
feed-lists {
test_feed_list
}