irule to only allow specified IPs to connect to Vitrual

Question

Hello I am looking to create an irule that will only allow connections to a VIP from a list or allowed IP's. Does anyone have a solution that they have used in the past with success on this? &nbsp;
My thought was something like create a group like $trustedIP&nbsp;
Then when &nbsp;
When client accepted 
if eq $trustedIP&nbsp;
allow 
elseif not eq 
block&nbsp;

kai_wilke · Answer

Hi jdeeby, 
you could use LTMs data-groups as a storage for your white-listed IPs and then use an iRule during CLIENT_ACCEPTED event, to compare the connecting [IP::client_addr] with your data-group information. 
Data-Group Config:
ltm data-group internal DG_MY_ALLOWED_IPs {
    records {
        1.1.1.1/32 {}
        2.2.2.0/24 {}
    }
    type ip
}

iRule Syntax to drop the connection on a TCP layer:
when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] equals DG_MY_ALLOWED_IPs] } then {
         Allow trusted clients
    } else {
         Drop untrusted clients
        drop
    }
}

Cheers, Kai

Forum Discussion

irule to only allow specified IPs to connect to Vitrual

1 Reply

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

Three Ways to Specify Multiple Ports on a Virtual Server

Get virtual servers, pools, pool members, statuses and connections on a specified LTM

Securely connecting Kubernetes Microservices with F5 Distributed Cloud

Troubeshooting website connection

Force BotDefense Captcha on Specified URL