
KPS_149915
Apr 06, 2017

iRule based on src IP LTM

Hi

 

My plan is to allow from 2 subnets and direct to a pool. The iRule below is not working; if anyone knows why it is not working, please share.

 

    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::client_addr] equals 10.x.x.x/24]}{
        or if {[IP::addr [IP::client_addr] equals 10.x.x.x/24]}{
            pool my.pool
        }
    }

Thanks in advance

 

1 Reply

  • This would be a good application for a data group. Not only would it make the rule easier to update and scale, it will make the Tcl code much simpler.

    Create a data group (give it a descriptive name...I'll just use 'allowed-subnets'):

    create ltm data-group internal allowed-subnets type ip records add { 10.x.x.x/24 10.y.y.y/24 }

    Now you can use this data group for matching in your iRule:

     

    when CLIENT_ACCEPTED {
        if { [class match [IP::client_addr] eq allowed-subnets] } {
            pool my.pool
        }
    }
    

     

    In the future, allowing additional subnets (or even host addresses) is a matter of adding to the data group. No changes to the iRule would be required.
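
Added example, not part of the original thread: the inline two-subnet test from the question written as valid Tcl, with both conditions joined by `||` in a single `if` expression (Tcl has no `or if` construct). The subnets are constructed stand-ins for the `10.x.x.x/24` placeholders, and the `else` branch assumes that clients outside the two subnets should be refused rather than handled by the virtual server's default pool.

```tcl
# Added example; 10.10.10.0/24 and 10.10.20.0/24 are constructed sample subnets.
when CLIENT_ACCEPTED {
    # One expression, two IP::addr tests joined by || (logical OR).
    if { [IP::addr [IP::client_addr] equals 10.10.10.0/24] ||
         [IP::addr [IP::client_addr] equals 10.10.20.0/24] } {
        pool my.pool
    } else {
        # Assumption: "allow from 2 subnets" means every other source is refused.
        # Without this branch, non-matching clients fall through to the
        # virtual server's default pool, if one is configured.
        log local0. "Rejected [IP::client_addr]: not in an allowed subnet"
        reject
    }
}
```

The same `else` branch can be attached to the data-group version of the rule, so the allow list stays in the data group while the refusal of all other sources stays explicit in the iRule.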