Block multiple IPs

Question

Quick question. is there a way to use a elseif/else statement to block more then one IP?  I have the following iRule to block and singluar or whole subnet, but want to know how I can add an addition IP/Subnet to the rule. Thank you.
 
when CLIENT_ACCEPTED {
  if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
    drop
  }
}

what_lies_bene1 · Answer

Try this, using a Data Group/Class; 
 
Create a Data Group (called source_ips below) with just the IP addresses 
of the hosts you’d like to accept

when CLIENT_ACCEPTED {
 if { not [class match [IP::client_addr] equals source_ips] } {
   reject }
}

smiley_dba_1116 · Answer

Will this iRule also allow traffic if people are not on the list? 
&nbsp;  
&nbsp; RGW

what_lies_bene1 · Answer

No it won't. If you need it the other way around remove the 'not' and put the unwanted addresses in the DG; everything else will pass.

Forum Discussion

Block multiple IPs

3 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Block IP after a number of ASM Blocks

Block destination IP by source IP

Zero Trust building blocks - F5 BIG-IP Access Policy Manager (APM) and PingIdentity

Block traffic

domain blocking