--- layout: commands page_title: 'Commands: Intention Match' description: >- The `consul intention match` command returns inbound and outbound service intentions for a specific service. --- # Consul Intention Match Command: `consul intention match` Corresponding HTTP API Endpoint: [\[GET\] /v1/connect/intentions/match](/consul/api-docs/connect/intentions#list-matching-intentions) The `intention match` command shows the list of intentions that match a given source or destination. The list of intentions is listed in evaluation order: the first intention that matches a request would be evaluated. The [check](/consul/commands/intention/check) command can be used to check whether an L4 connection would be authorized between any two services. The table below shows this command's [required ACLs](/consul/api-docs/api-structure#authentication). Configuration of [blocking queries](/consul/api-docs/features/blocking) and [agent caching](/consul/api-docs/features/caching) are not supported from commands, but may be from the corresponding HTTP endpoint. | ACL Required | | ----------------------------- | | `intentions:read`

Define intention rules in the `service` policy. Refer to [ACL requirements for intentions](/consul/docs/connect/intentions/create-manage-intentions#acl-requirements) for additional information.

| ## Usage Usage: `consul intention match [options] SRC_OR_DST` `SRC` and `DST` can both take [several forms](/consul/commands/intention#source-and-destination-naming). #### Command Options - `-destination` - Match by destination. - `-source` - Match by source. #### Enterprise Options @include 'cli-http-api-partition-options.mdx' @include 'http_api_namespace_options.mdx' #### API Options @include 'http_api_options_client.mdx' ## Examples ```shell-session $ consul intention match -source web web => db (deny) web => api (2 permissions) web => * (allow) ```