Forum Discussion

cammy_178041
Nimbostratus
Apr 21, 2015

Need an iRule to block incoming connections if not matching a defined data group of addresses

Hi

I am trying to create an iRule to block incoming SMTP connections unless the originating IP is part of the block of IP addresses I have created in a data group. Where can I find this? Sorry - new at this.

7 Replies

  • DEJ
    Nimbostratus

    Hello,

    Edit - just realized I had [TCP::client_addr] instead of [IP::client_addr]

    I'm relatively new as well, but you may want to try the below. If the traffic is going to port 25 and the client IP is not included in your allow list, it is set to drop the traffic. All others will go to the default pool, if one is set.

    when CLIENT_ACCEPTED {
        # Check if destination port is SMTP and the client IP is not in the allow list
        if { [TCP::local_port] equals 25 and not [class match [IP::client_addr] equals DATAGROUPNAME] } {
            # Drop the traffic
            drop
        }
    }
    
    • DEJ
      Nimbostratus
      I don't know where you are applying this iRule which is why I went ahead and specified the destination port.
  • Thanks, the rule is being applied to the SMTP virtual server which is only port 25. I wrote it like so:

    when CLIENT_ACCEPTED {
        if { [matchclass [IP::client_addr] equals trusted_networks] } {
            pool smtp_pool
        } else {
            reject
        }
    }

    Where trusted_networks is the data group and smtp_pool is the pool associated with the virtual server. I applied this iRule to the VS.

  • Thanks Dareuja, I realized that and switched to class match. Appreciate your help!
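A consolidated version of the allow-list iRule discussed in this thread, added here as an example rather than any poster's own code. It assumes an address-type data group named trusted_networks and a pool named smtp_pool (both names taken from the thread), uses class match instead of the deprecated matchclass, and logs each rejected source so unexpected connection attempts can be reviewed in the LTM log.

```tcl
# Added example: accept SMTP connections only from sources listed in the
# address-type data group "trusted_networks"; attach to the port-25 virtual server.
when CLIENT_ACCEPTED {
    set client [IP::client_addr]

    # For an address-type data group, "class match" matches both single host
    # entries and CIDR subnet entries, so whole networks can be listed once.
    if { [class match $client equals trusted_networks] } {
        pool smtp_pool
    } else {
        # Record the rejected source before sending a TCP RST. A rising rate of
        # these lines is a useful signal that something is probing the relay.
        log local0.info "SMTP connection from $client rejected: not in trusted_networks"
        reject
    }
}
```

If the virtual server ever listens on more than one port, add `[TCP::local_port] == 25` to the condition as in DEJ's reply so only SMTP traffic is gated by the list.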