Forum Discussion

Nimbostratus

Apr 03, 2009

IRule to block all but a few members of a subnet

For give the newbie question, but this will be all of the second iRule that I've ever had to write. We've got a situation where a major application has failed, and we're moving it behind the LTM. Ho...

Employee

Apr 03, 2009

Since it's temporary, you could just use packet filters rather than writing a rule.

Or, something like:

 
 when CLIENT_ACCEPTED { 
   if { not (IP::addr[IP::client_addr] equals "x.x.x.x") } { 
       add add'l IP's with an || operator if needed 
       discard 
     } 
 }

or if you create a Data Group (class) with your list of IP's:

 
 when CLIENT_ACCEPTED { 
    if { not ( [matchclass $::data_group_name contains IP::addr[IP::client_addr]]) } { 
      discard 
   }  
 }

Denny

Forum Discussion

IRule to block all but a few members of a subnet

Recent Discussions

Disk space full - what files, folders are safe to delete?

ASM instance creation

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

Related Content

Using Client Subnet in DNS Requests

Interrogate Pool Member Priority Group from iRule

Configuring Pool members in a separate subnet of self IP on a Virtual Server

DevCentral's Featured Member for February - Edouard Zorrilla

Implementing Client Subnet DNS Requests