squeezebox_2829
Aug 10, 2016 Nimbostratus
Multiple Switch statements in a single iRule
Hi there,
I have several ranges of addresses which I want to see if traffic is coming from and deny traffic. Say the ranges are as follows as an example:
10.11.0.0/16
10.12.0.0/16
10.13.13.0/22
10.14.14.0/22
10.23.23.0/24
10.24.24.0/24
I am wondering if I can have multiple switch statements in the CLIENT_ACCEPTED section of code such as (obviously some default statement would need to be added somewhere along the line or an overarching check to bypass this lookup if it is not required):
when CLIENT_ACCEPTED {
    switch -glob [IP::addr [IP::client_addr]/16] {
        "10.11.0.0" {
            # some action
        }
        "10.12.0.0" {
            # some action
        }
    }
    switch -glob [IP::addr [IP::client_addr]/22] {
        "10.13.13.0" {
            # some action
        }
        "10.14.14.0" {
            # some action
        }
    }
    switch -glob [IP::addr [IP::client_addr]/24] {
        "10.23.23.0" {
            # some action
        }
        "10.24.24.0" {
            # some action
        }
    }
}
Yes, but what you really want to do is use a Data Group. Let's say you have a Data Group that looks like this:
create ltm data-group internal dg-address-matchers type ip \
    records add { 10.11.0.0/16 { data "action1" } \
                  10.12.0.0/16 { data "action2" } \
                  10.13.13.0/22 { data "action3" } ... }
You would then use it thusly:
when CLIENT_ACCEPTED {
    # Look up the client address once and branch on the stored value
    set indicator [class lookup [IP::client_addr] dg-address-matchers]
    switch $indicator {
        action1 { ... do something ... }
        action2 { ... do something else ... }
        ... etc ...
        "" {
            # this means the IP matches no netblocks in the data-group
        }
    }
}
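An added example, not part of the original posts and not F5 code: a Python check of the ranges listed in the question. It shows that the two /22 entries are not on a network boundary, so a client address masked to /22 can never equal the literal as written, and it models the address lookup as a longest-prefix match. That lookup model, the function names and the action labels past action3 are assumptions made for illustration.

```python
import ipaddress

# Ranges from the question; action labels beyond action3 are constructed.
TABLE = {
    "10.11.0.0/16": "action1",
    "10.12.0.0/16": "action2",
    "10.13.13.0/22": "action3",
    "10.14.14.0/22": "action4",
    "10.23.23.0/24": "action5",
    "10.24.24.0/24": "action6",
}

def audit_ranges(cidrs):
    """Return (as_written, canonical) for entries whose host bits are set."""
    findings = []
    for cidr in cidrs:
        canonical = str(ipaddress.ip_network(cidr, strict=False))
        if canonical != cidr:
            findings.append((cidr, canonical))
    return findings

def masked_compare(client, cidr):
    """Mask the client to the prefix length and compare with the literal as
    written, which is the comparison a per-prefix switch performs."""
    literal, prefix = cidr.split("/")
    masked = ipaddress.ip_network(f"{client}/{prefix}", strict=False)
    return str(masked.network_address) == literal

def lookup(client, table):
    """Longest-prefix match over canonicalised ranges; "" means no match."""
    addr = ipaddress.ip_address(client)
    best, action = -1, ""
    for cidr, label in table.items():
        net = ipaddress.ip_network(cidr, strict=False)
        if addr in net and net.prefixlen > best:
            best, action = net.prefixlen, label
    return action

if __name__ == "__main__":
    for written, canonical in audit_ranges(TABLE):
        print(f"{written} is not on a network boundary; it covers {canonical}")
    for client in ("10.11.4.4", "10.13.13.5", "10.13.12.9", "192.0.2.1"):
        print(client, repr(lookup(client, TABLE)))
```
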