eric_haupt1
Dec 19, 2018 | Nimbostratus
GTM / DNS Restrict source ports from GTM when LB DNS to Microsoft servers
Due to security restrictions, I need to have GTM use source ports 49152-65535 from the self-IP it uses to LB DNS traffic to the DNS servers. I've attempted to force avoidance of certain ports with iRules, but it doesn't appear to be working fully. Here are the iRules I've tried; I'm looking for a better solution. Is there any way to restrict GTM source port ranges?
# UDP variant: the data group hbss-port-exception holds the BIG-IP source ports
# that must not be used toward the DNS servers. In SERVER_CONNECTED the
# "local" port is the BIG-IP's own source port on the server-side flow.
when SERVER_CONNECTED {
    if { [class match [UDP::local_port] equals hbss-port-exception] } {
        log local0. "HBSS EXCEPTION LOG: [IP::server_addr]:[UDP::local_port] - GTM dropping UDP"
        UDP::drop
    }
}

# TCP variant: same data group check, but the server-side connection is
# closed instead of a datagram being dropped.
when SERVER_CONNECTED {
    if { [class match [TCP::local_port] equals hbss-port-exception] } {
        log local0. "HBSS EXCEPTION LOG: [IP::server_addr]:[TCP::local_port] - GTM dropping"
        TCP::close
    }
}
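Whatever setting ends up enforcing the range, the check a practitioner wants afterwards is an independent confirmation from a capture on the self-IP that every DNS query really leaves from 49152-65535. The script below is an added example, not code from the original post or from F5: it parses constructed tcpdump-style lines (assumed format `tcpdump -n port 53`), with a hypothetical self-IP of 10.1.1.5, and reports any query whose source port falls outside the required range, separately for UDP and TCP.

```python
import re
from collections import Counter

# Required ephemeral source-port range from the question (the IANA dynamic range).
ALLOWED_PORTS = range(49152, 65536)

# Hypothetical self-IP that GTM uses to load balance DNS traffic (not from the post).
SELF_IP = "10.1.1.5"

# Assumed tcpdump -n line shape: "<ts> IP <src>.<sport> > <dst>.53: <rest>".
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.53: (?P<rest>.*)$"
)

def parse_line(line):
    """Return (src_ip, src_port, dst_ip, proto), or None for replies and unrelated lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # tcpdump prints a 'Flags [...]' field for TCP segments; UDP DNS lines have none.
    proto = "tcp" if m.group("rest").startswith("Flags [") else "udp"
    return m.group("src"), int(m.group("sport")), m.group("dst"), proto

def find_violations(lines, self_ip=SELF_IP, allowed=ALLOWED_PORTS):
    """List (src_port, dst_ip, proto) for queries from self_ip using a disallowed port."""
    bad = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, sport, dst, proto = parsed
        if src == self_ip and sport not in allowed:
            bad.append((sport, dst, proto))
    return bad

def summarize(violations):
    """Count violations per (DNS server, protocol) so one misbehaving path stands out."""
    return Counter((dst, proto) for _, dst, proto in violations)

# Constructed sample capture: two compliant queries, two violations, one server reply.
SAMPLE_CAPTURE = [
    "10:00:01.000001 IP 10.1.1.5.51234 > 10.2.2.10.53: 1001+ A? example.com. (29)",
    "10:00:01.000002 IP 10.1.1.5.1028 > 10.2.2.10.53: 1002+ A? example.org. (29)",
    "10:00:01.000003 IP 10.1.1.5.65000 > 10.2.2.11.53: Flags [S], seq 1, win 29200, length 0",
    "10:00:01.000004 IP 10.1.1.5.40000 > 10.2.2.11.53: Flags [S], seq 2, win 29200, length 0",
    "10:00:01.000005 IP 10.2.2.10.53 > 10.1.1.5.51234: 1001 1/0/0 A 93.184.216.34 (45)",
]

if __name__ == "__main__":
    for sport, dst, proto in find_violations(SAMPLE_CAPTURE):
        print(f"source port {sport} ({proto}) to {dst} is outside 49152-65535")
```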