irules to check if the client IP belongs to the Pool

Question

Hi
I'm trying to write an irule to do selective SNAT but i get an error saying
invalid IP network mask specification (line 2) invoked from within "IP::addr [IP::client_addr] equals [active_members -list [LB::server pool]]" 
Here you are my irule
when CLIENT_ACCEPTED {
    Check if the client IP address is a node in the VIP's default pool
    if { [IP::addr [IP::client_addr] equals [active_members -list [LB::server pool]]] }{
  log local0. "SNAT'ing for [active_nodes -list [LB::server pool]] , member of pool [LB::server pool]"
  snat automap

}
   else { 
      snat none 
      log "snat none [IP::client_addr] [IP::remote_addr] "} 
}
I don't know what is wrong...
Thank you for your help

nathe · Answer

Laurent,&nbsp;
"active_members -list" will return the IP address and port, so something like 192.1.1.1 80 for example. This then won't match the IP::addr / IP::client_addr commands I'm afraid.&nbsp;
My quick thoughts would be to create a datagroup instead, using the pool members. Something like 192.1.1.1/32 and do a lookup to this datagroup instead of the pool.&nbsp;
Perhaps not perfect but an option. Perhaps better iRulers here might have better options.&nbsp;
Hope this helps,&nbsp;
N&nbsp;

Forum Discussion

irules to check if the client IP belongs to the Pool

1 Reply

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

iRule based RADIUS Client Stack

iRule to set SameSite for compatible clients and remove it for incompatible clients (LTM|ASM|APM)

Enhance your Application Security using Client-side signals

iRules Style Guide

Client-Certificate and IP-Whitelisting via Policy or iRule?