Forum Discussion

Nimbostratus

Apr 06, 2017

IRule based on src IP LTM

Hi My plan is to allow from 2 subnets and direct to a pool, below irule is not working, if any one knows why it is not working, please share, when CLIENT_ACCEPTED { if { [IP::addr [IP::cl...

Nimbostratus

Apr 06, 2017

This would be a good application for a data group. Not only would it make the rule easier to update and scale, it will make the tcl code much simpler.

Create a data group (give it a descriptive name...I'll just use 'allowed-subnets'):

create ltm data-group internal allowed-subnets type ip records add { 10.x.x.x/24 10.y.y.y/24 }

Now you can use this data group for matching in your iRule

when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] eq allowed-subnets] } {
        pool my.pool
    }
}

In the future, allowing additional subnets (or even host addresses) is a matter of adding to the data group. No changes to the iRule would be required.

Forum Discussion

IRule based on src IP LTM

Recent Discussions

Content type hearder charset=UTF-8

Web acceleration

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

Enterprise Security best practices with F5 WAF

Disk space full - what files, folders are safe to delete?

Related Content

iRule based RADIUS Client Stack

iRule based RADIUS Health Monitor Builder

iRule based RADIUS Server Stack

iRule based 'Natural Speech' Expression Language

Converting TCL-Based iRules to Distributed Cloud Service Policies and L7 Routes