arnaud_charlier
Sep 03, 2010

Block ports with an iRule

Hi all,

I have a little issue with the way we configured our virtual servers. Some of them are listening on all ports, which is a problem when we try to run a penetration test. When we scan an IP that uses such a VS, we get false open ports, which is quite annoying.

The support told me that the only way to fix that is to remove all the VS and reconfigure 1 for each of the ports we need to open. This is not something I'm really keen to do when some of the servers have about 10 ports open and we have 2 network connections, that means 20 virtual servers... reproduced on a couple of servers and that's a terrible mess and a big process to go through.

This is what brings me here to ask you if it's possible to create an iRule to block a range of ports for a specific IP/VS.

I'm a complete newbie when it comes to iRules, so if it's possible I would appreciate some help to understand how I can do that.

Thanks!!!

2 Replies

  • Hamish
    Oh... iRules above not tested... Any syntax errors are my own typing, may eat your dog or run off with your girlfriend etc...

    H
  • Thank you very much for this clear and complete answer!

    I'll have a look at those iRules and the packet filter and decide whether I'll do that or create all the virtual servers!

    Many Thanks!

    Arnaud