---
layout: commands
page_title: 'Commands: Intention Match'
description: >-
  The `consul intention match` command returns inbound and outbound service intentions for a specific service.
---

# Consul Intention Match

Command: `consul intention match`

Corresponding HTTP API Endpoint: [\[GET\] /v1/connect/intentions/match](/consul/api-docs/connect/intentions#list-matching-intentions)

The `intention match` command shows the list of intentions that match
a given source or destination. The list of intentions is listed in evaluation
order: the first intention that matches a request would be evaluated.

The [check](/consul/commands/intention/check) command can be used to
check whether an L4 connection would be authorized between any two services.

The table below shows this command's [required ACLs](/consul/api-docs/api-structure#authentication). Configuration of
[blocking queries](/consul/api-docs/features/blocking) and [agent caching](/consul/api-docs/features/caching)
are not supported from commands, but may be from the corresponding HTTP endpoint.

| ACL Required                  |
| ----------------------------- |
| `intentions:read`<p> Define intention rules in the `service` policy. Refer to [ACL requirements for intentions](/consul/docs/connect/intentions/create-manage-intentions#acl-requirements) for additional information.</p> |

## Usage

Usage: `consul intention match [options] SRC_OR_DST`

`SRC` and `DST` can both take [several forms](/consul/commands/intention#source-and-destination-naming).

#### Command Options

- `-destination` - Match by destination.

- `-source` - Match by source.

#### Enterprise Options

@include 'http_api_partition_options.mdx'

@include 'http_api_namespace_options.mdx'

#### API Options

@include 'http_api_options_client.mdx'

## Examples

```shell-session
$ consul intention match -source web
web => db (deny)
web => api (2 permissions)
web => * (allow)
```