SFTP port 22 to be allowed on specfic IP addresses

Question

Hi All,&nbsp;
We have SFTP allowed on f5 and we need to narrow down the access parameter to hit by specific IP address
How We can create rule for SFTP allow on specific IP addresses   &nbsp;

harshapotharaju · Answer

I guess this is what you are looking for. Test it and let me know how this is working.
when CLIENT_ACCEPTED {

if { [IP::client_addr] equals "x.x.x.x" } {
    pool your_pool_name
    log local0. "Request for service at port [TCP::local_port] from [IP::client_addr]"}
else {
    reject
    }
}

oguzy · Answer

Hi,
You can use Data Groups within an irule. 
For instance;
when CLIENT_ACCEPTED {
    Comparing source IP to a list of entries in a LTM data-group.
   if { not ( [class match [IP::remote_addr] equals data_SourceIps ] ) } {
      reject;
   }

}

Forum Discussion

SFTP port 22 to be allowed on specfic IP addresses

2 Replies

Recent Discussions

F5Access | MacOS Sonoma

Active- Active HA setup

syslog server connection

Cannot see floating MAC address outside of ESXi

Rewrite uri translation not working

Related Content

Decoding the IPv4 address from the persistence cookie

CSV to Address External Datagroup File

Allow only specific IP Address to only specific URL/route in ASM

allow one url from blocks geolocation

SNAT IP address logging