It's verified accept in the TCP profile. Anyway, it's available only in v10.
sol7559: Overview of the TCP profile
http://support.f5.com/kb/en-us/solutions/public/7000/500/sol7559.html
I used reject instead of drop since I'd like to see an error when connecting to port 22.
virtual bar {
   snat automap
   pool foo
   destination 172.28.17.33:any
   ip protocol tcp
   rules myrule
   profiles mytcp {}
}
pool foo {
   members 10.10.70.110:any {}
}
rule myrule {
   when CLIENT_ACCEPTED {
      if {[TCP::local_port] == 22} {
         reject
      }
   }
}
profile tcp mytcp {
   defaults from tcp
   verified accept enable
}
ssh 172.28.17.33
ssh: connect to host 172.28.17.33 port 22: Connection refused