Forum Discussion

Nimbostratus

Jan 30, 2018

irule to only allow specified IPs to connect to Vitrual

Hello I am looking to create an irule that will only allow connections to a VIP from a list or allowed IP's. Does anyone have a solution that they have used in the past with success on this? My...

MVP

Jan 30, 2018

Hi jdeeby,

you could use LTMs data-groups as a storage for your white-listed IPs and then use an iRule during

CLIENT_ACCEPTED

event, to compare the connecting

[IP::client_addr]

with your data-group information.

Data-Group Config:

ltm data-group internal DG_MY_ALLOWED_IPs {
    records {
        1.1.1.1/32 {}
        2.2.2.0/24 {}
    }
    type ip
}

iRule Syntax to drop the connection on a TCP layer:

when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] equals DG_MY_ALLOWED_IPs] } then {
         Allow trusted clients
    } else {
         Drop untrusted clients
        drop
    }
}

Cheers, Kai

Forum Discussion

irule to only allow specified IPs to connect to Vitrual

Recent Discussions

GTM Packet Capture command

How to Implement 2 Way SSL in F5 LTM

BWC iRule

Citrix XenServer Big-IP Upgrade help

BIG-IP DNS iRule issue with static variable

Related Content

Three Ways to Specify Multiple Ports on a Virtual Server

Get virtual servers, pools, pool members, statuses and connections on a specified LTM

Securely connecting Kubernetes Microservices with F5 Distributed Cloud

Force BotDefense Captcha on Specified URL

Troubeshooting website connection