Justin_106597
Nimbostratus
Yep, I removed the "not" and I can connect to the end device through the F5. You can see below that I removed the "not". I also changed the port range from 22 to 23 for testing. I can have another machine not in the admin group try to ssh to the vserver address, but it doesn't get anything.
when CLIENT_ACCEPTED {
    # Check if client IP is not defined in the allowed_clients datagroup
    log local0. "IP address: [IP::client_addr]"
    if { ([class match [IP::client_addr] equals Infoblox_Management]) } {
        # Client in allowed IP list, so no more checks. ALLOW ACCESS
        log local0. " ALLOWED by IP address"
        return
    }
    log local0. "Source Port: [TCP::remote_port]"
    if { [TCP::client_port] >= 22 && [TCP::client_port] <= 23 } {
        log local0. " IP in ALLOW range"
        return
    }
    # Drop any connections that don't fit the previous criteria
    log local0. "IP and Port checks failed. DROPPING connection"
    drop
}
Michael_Jenkins
Jan 20, 2015
Cirrostratus
I notice you are using TCP::client_port instead of TCP::remote_port... That may have something to do with it.
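An added example, not code from either poster: in CLIENT_ACCEPTED, both TCP::client_port and TCP::remote_port return the client's ephemeral source port, while TCP::local_port returns the port the client connected to on the virtual server. The sketch below logs all of them and applies the range check to the destination port, assuming the intent is that clients outside the Infoblox_Management data group may only reach destination ports 22-23.

```tcl
when CLIENT_ACCEPTED {
    # Added example. Assumption: the port test is meant to apply to the
    # destination (virtual server) port, not the client's source port.
    set src_ip   [IP::client_addr]
    set src_port [TCP::client_port]
    set dst_port [TCP::local_port]

    # Log the full tuple so /var/log/ltm shows which value each check sees.
    log local0. "client ${src_ip}:${src_port} -> [IP::local_addr]:${dst_port}"

    # Clients in the Infoblox_Management data group are allowed on any port.
    if { [class match $src_ip equals Infoblox_Management] } {
        log local0. "ALLOWED by IP address: ${src_ip}"
        return
    }

    # Everyone else is allowed only to destination ports 22-23.
    if { $dst_port >= 22 && $dst_port <= 23 } {
        log local0. "ALLOWED by destination port: ${dst_port}"
        return
    }

    # Drop any connections that don't fit the previous criteria.
    log local0. "IP and port checks failed for ${src_ip}:${src_port}. DROPPING connection"
    drop
}
```

With the source port in the comparison, a non-admin client almost never matches 22-23 because its source port is ephemeral, which is consistent with the connection being dropped.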