DWillis_251723
Mar 30, 2016

iRule to allow only TCP port 444, 8000, and 9001

I am configuring a VIP using port 0 to allow all traffic and an iRule to drop everything but TCP ports 444, 8000, and 9001, but my iRule syntax is not being accepted. Here is what I was attempting to configure:

 

when CLIENT_ACCEPTED { if { not ( [TCP::client_port] != 444 or [TCP::client_port] != 8000 or [TCP::client_port] != 9001 } { drop } }

 

Any help correcting this iRule would be greatly appreciated.

 

1 Reply

  • Couple of things: you are missing a closed parenthesis. I'm guessing you want to use the dest ports on the client connection, not the source ports, so you could use TCP::local_port. Also, no need to negate the equals if you already have a NOT at the end. This should work for you.

    when CLIENT_ACCEPTED {
        if { not ([TCP::local_port] eq 444 or [TCP::local_port] eq 8000 or [TCP::local_port] eq 9001) } {  
          drop
        } 
    }
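
The two conditions in this thread, checked over every port number, as an added example (a plain Python model of the boolean logic, not iRule code and not from either poster; the function names are hypothetical). With the parenthesis supplied, the question's `!=`/`or` test is true for every port, so `not (...)` never fires and the rule drops nothing, while the reply's form drops everything except the three listed ports.

```python
# Model of the two iRule conditions as plain predicates (added example).
# Only the boolean logic is modelled; the port value stands for whatever
# TCP::client_port or TCP::local_port would return.
ALL_PORTS = range(65536)


def original_drops(port):
    """Question's condition with the missing ')' supplied:
    not (port != 444 or port != 8000 or port != 9001)"""
    return not (port != 444 or port != 8000 or port != 9001)


def reply_drops(port):
    """Reply's condition:
    not (port eq 444 or port eq 8000 or port eq 9001)"""
    return not (port == 444 or port == 8000 or port == 9001)


def dropped_ports(predicate):
    """Every port number for which the predicate would reach 'drop'."""
    return {p for p in ALL_PORTS if predicate(p)}


def audit():
    """Summarise what each condition would drop and what it lets through."""
    orig = dropped_ports(original_drops)
    fixed = dropped_ports(reply_drops)
    return {
        "original_dropped": len(orig),   # fail-open if this is 0
        "reply_dropped": len(fixed),
        "reply_passes": sorted(set(ALL_PORTS) - fixed),
    }


if __name__ == "__main__":
    for name, value in audit().items():
        print(f"{name}: {value}")
```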