Forum Discussion
Kai_Wilke
Jan 30, 2018 MVP
Hi jdeeby,
you could use LTM's data-groups as storage for your white-listed IPs and then use an iRule during the CLIENT_ACCEPTED event to compare the connecting [IP::client_addr] with your data-group information.
Data-Group Config:
ltm data-group internal DG_MY_ALLOWED_IPs {
    records {
        1.1.1.1/32 {}
        2.2.2.0/24 {}
    }
    type ip
}
iRule Syntax to drop the connection on a TCP layer:
when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] equals DG_MY_ALLOWED_IPs] } then {
        # Allow trusted clients
    } else {
        # Drop untrusted clients
        drop
    }
}
Cheers, Kai