Forum Discussion
Inquiry about BIGIP LTM's security features
Hi guys.
Regarding security screening, my client requested the ACLs below on BIGIP.
The things below are Cisco ACLs, but I'm not good at Cisco.
I need to implement the ACLs below on BIGIP.

1> Source IP ACL
access-list ㅇㅇㅇ deny ip 127.0.0.0 0.255.255.255 any
access-list ㅇㅇㅇ deny ip 224.0.0.0 31.255.255.255 any
access-list ㅇㅇㅇ deny ip host 0.0.0.0 any
access-list ㅇㅇㅇ permit ip any any

2> DDoS attack defense
access-list ㅁㅁㅁ deny ip 0.0.0.0 0.255.255.255 any
access-list ㅁㅁㅁ deny ip 127.0.0.0 0.255.255.255 any
access-list ㅁㅁㅁ deny ip 169.254.0.0 0.0.255.255 any
access-list ㅁㅁㅁ deny ip 192.0.2.0 0.0.0.255 any
access-list ㅁㅁㅁ permit ip any any
The security features of the F5 LTM I know are:
- httpd and sshd allow -> the only way to access BIGIP is using ssh or https
- port lock down -> set which protocol is allowed
- tm.maxrejectrate
- Virtual server's standard type -> prevents SYN flood
- hardware / software syncookie protection -> I know this only vaguely.
- packet filter -> I'm not good at this option
Are there any more useful security features? Please let me know.
And how does BIGIP defend against IP spoofing and ICMP flooding?
When an attacker attacks a VIP or self IP, BIGIP will behave differently.
If you know of any more security features, please let me know.
Thank you.
1 Reply
Packet filters are close to Cisco ACLs; have a look at them and see if they do what you want.
As for the security features, there are a lot; it might be useful to talk with your local F5 team or F5 partner to go through everything.
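As an added example (not part of the original thread and not F5's own code), the sketch below converts the Cisco wildcard-mask entries from the question into CIDR source matches written as tcpdump-style expressions. It assumes the packet filter rule accepts such an expression and that `discard` and `accept` are the actions to map to; the helper names and the ACL number `101` are constructed for illustration.

```python
import ipaddress

# ACL lines from the question; "101" is a constructed stand-in for the ACL number.
SAMPLE_ACL = """\
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 224.0.0.0 31.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip 169.254.0.0 0.0.255.255 any
access-list 101 deny ip 192.0.2.0 0.0.0.255 any
access-list 101 permit ip any any
"""


def wildcard_to_prefix(wildcard):
    """Convert a Cisco wildcard mask to a prefix length."""
    netmask = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    prefix = bin(netmask).count("1")
    # A contiguous netmask is `prefix` one-bits followed only by zero-bits.
    if netmask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous wildcard mask: {wildcard}")
    return prefix


def source_expr(tokens):
    """Build a pcap-style source match from the ACL source field."""
    if tokens[0] == "any":
        return None  # no source restriction
    if tokens[0] == "host":
        return f"src host {ipaddress.IPv4Address(tokens[1])}"
    net = ipaddress.ip_network(
        f"{tokens[0]}/{wildcard_to_prefix(tokens[1])}", strict=False)
    return f"src net {net}"


def translate(acl_text):
    """Return [(action, expression)] for each 'access-list N deny|permit ip ...' line."""
    rules = []
    for line in acl_text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "access-list" or tok[3] != "ip":
            continue  # the question only uses plain 'ip' entries
        action = "discard" if tok[2] == "deny" else "accept"
        rules.append((action, source_expr(tok[4:])))
    return rules


if __name__ == "__main__":
    for action, expr in translate(SAMPLE_ACL):
        print(f"{action:8} {expr or '(any source)'}")
```

Note that the wildcard `31.255.255.255` on `224.0.0.0` covers `224.0.0.0/3`, which is multicast plus the reserved class E range, not just multicast.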
