Forum Discussion
hooleylist
Jul 14, 2011Cirrostratus
If this case gets executed it will trigger a runtime error:
elseif { not [[IP::addr [IP::remote_addr] equals 172.27.0.0/16] or [IP::addr [IP::remote_addr] equals 89.104.128.0/19]] } {
as this:
[IP::addr [IP::remote_addr] equals 172.27.0.0/16] or [IP::addr [IP::remote_addr] equals 89.104.128.0/19]
will return either 0 or 1 depending on the client IP. Then the outer square braces mean that return value will get executed. So you'll get an error saying 1 or 0 isn't a valid command.
Using parentheses will allow you to negate the expression within:
if { not (0 and 1) } {
log local0. "true"
} else {
log local0. "false"
}
Log output: true
As for IP::addr and the slash notation: both should work if you're on 10.2.1:
: [IP::addr 89.104.145.10 equals 89.104.145.0/24]: 1
: [IP::addr 89.104.145.10/24 equals 89.104.145.0/24]: 1
But the first version where the subnet is only on the network address (not the host) will be more efficient (by up to 40%). See Jason's article on this:
http://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1086449/iRules-IP-Comparison-Considerations-with-IPaddr-Command.aspx
Aaron