dennypayne
Apr 15, 2009 (Employee)
The wiki says - "Use of IP::addr is not necessary if matchclass command is used to perform the address-to-address comparison" but nonetheless you may want to try:
if { [matchclass IP:addr[IP::client_addr] equals $::relay_hosts_allowed]} {
The rule looks fine though... so long as LTM has a route to whatever you are trying to get to (or is directly connected) then it should forward the packet.
You could add some logging to see if you're not matching for some reason:
when CLIENT_ACCEPTED {
    if { [matchclass [IP::client_addr] equals $::relay_hosts_allowed]} {
        log local0. "[IP::client_addr] matched an allowed host."
        forward
    } else {
        log local0. "[IP::client_addr] didn't match, dropping"
        drop
    }
}
Denny
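
Added example, not part of the original post: a Python sketch that tallies the two messages the iRule above logs, so you can see which client addresses keep getting dropped and may be missing from relay_hosts_allowed. The syslog prefix, the rule name smtp_relay and the sample lines are constructed assumptions; only the two message texts come from the post.

```python
import ipaddress
import re
from collections import Counter

# The two message texts exactly as the iRule in the post logs them.
LINE_RE = re.compile(
    r"(?P<ip>\S+) (?P<verdict>matched an allowed host\.|didn't match, dropping)\s*$"
)

# Constructed sample log; prefix format and rule name are assumptions.
SAMPLE_LOG = """\
Apr 15 10:00:01 tmm tmm[1709]: Rule smtp_relay <CLIENT_ACCEPTED>: 10.1.1.20 matched an allowed host.
Apr 15 10:00:03 tmm tmm[1709]: Rule smtp_relay <CLIENT_ACCEPTED>: 192.0.2.45 didn't match, dropping
Apr 15 10:00:04 tmm tmm[1709]: Rule smtp_relay <CLIENT_ACCEPTED>: 192.0.2.45 didn't match, dropping
Apr 15 10:00:09 tmm tmm[1709]: Rule smtp_relay <CLIENT_ACCEPTED>: 198.51.100.7 didn't match, dropping
Apr 15 10:00:11 tmm tmm[1709]: Rule smtp_relay <CLIENT_ACCEPTED>: 10.1.1.20 matched an allowed host.
Apr 15 10:00:12 tmm tmm[1709]: Rule smtp_relay <CLIENT_ACCEPTED>: 2001:db8::5 didn't match, dropping
Apr 15 10:00:13 tmm tmm[1709]: Rule smtp_relay <CLIENT_ACCEPTED>: 2001:db8::5 didn't match, dropping
Apr 15 10:00:15 tmm tmm[1709]: Rule smtp_relay <CLIENT_ACCEPTED>: 192.0.2.45 didn't match, dropping
Apr 15 10:00:16 tmm mcpd[1500]: some unrelated message
Apr 15 10:00:17 tmm tmm[1709]: Rule other_rule <HTTP_REQUEST>: pool matched an allowed host.
"""


def summarize(log_text):
    """Return (allowed, dropped) Counters keyed by client address."""
    allowed, dropped = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not one of the iRule's two messages
        try:
            # Normalise and validate; skips lines where the token is not an address.
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue
        bucket = allowed if m.group("verdict").startswith("matched") else dropped
        bucket[ip] += 1
    return allowed, dropped


def repeated_drops(log_text, threshold=2):
    """Addresses dropped at least `threshold` times: candidates to review
    against the relay_hosts_allowed class."""
    _, dropped = summarize(log_text)
    return sorted(ip for ip, n in dropped.items() if n >= threshold)


if __name__ == "__main__":
    allowed, dropped = summarize(SAMPLE_LOG)
    print("allowed:", dict(allowed))
    print("dropped:", dict(dropped))
    print("repeatedly dropped:", repeated_drops(SAMPLE_LOG))
```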