Forum Discussion

Nimbostratus

Mar 30, 2016

iRule to allow only TCP port 444, 8000, and 9001

I am configuring a VIP using port 0 to allow all traffic and an iRule to drop everything but TCP ports 444, 8000, and 9001 but my iRule syntax is not being accepted. Here is what I was attempting to...

application delivery

iRules

arpydays

Nimbostratus

Mar 30, 2016

couple of things, you are missing a closed parenthesis, I'm guessing you want to use the dest ports on the client connection not the source ports so you could use TCP::local_port, also no need to negate the equals if you already have a NOT at the end. This should work for you.

when CLIENT_ACCEPTED {
    if { not ([TCP::local_port] eq 444 or [TCP::local_port] eq 8000 or [TCP::local_port] eq 9001) } {  
      drop
    } 
}

Forum Discussion

iRule to allow only TCP port 444, 8000, and 9001

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Hey ChatGPT, can you write iRules?

POC: Validate JWT with iRule

iRule [after 8000] causing TMM reset

Decrypting BIG-IP Packet Captures without iRules

irule