Forum Discussion
WithF5
Jan 12, 2018Nimbostratus
Hi mate,
you need to ident your algorithm if you want it to work.
when CLIENT_ACCEPTED {
if { not [([IP::client_addr] equals allowed-nets)] }
{
log local0. "[IP::client_addr] is not permitted to site xxxx"
reject
}
}
Also, I don't think that networks defined in the data group will work... you need to use the full IP /32 (ex. 192.168.1.1, 192.168.1.2 ... ). You can do it in the CLI to make it faster.