Forum Discussion

David_Collantes
Aug 17, 2018

iRule to allow certain IP and networks

Hello. I am trying to create an iRule that will only allow certain IPs/networks on a VIP. I have:

```
# Datagroup which defines allowed client IP addresses/networks
class allowed_clients {
    {
    network 10.173.15.0/24
    network 10.171.105.0/24
    host 10.171.124.144
    host 10.171.124.145
    }
}

# This event is triggered when a client - BIG-IP TCP connection is established
when CLIENT_ACCEPTED {
   if { [matchclass [IP::client_addr] equals $::allowed_clients] } {

      # Uncomment to turn on logging.
      #log local0.  "Valid client IP: [IP::client_addr] - forwarding traffic"
      # Do nothing... request will be sent to the pool

   } else {

      # Uncomment to turn on logging.
      #log local0. "Invalid client IP: [IP::client_addr] - discarding"
      discard
   }
}
```

The iRule isn't working. It tells me:

01070151:3: Rule [/Common/Limit_Access_by_IP_Range] error: /Common/Limit_Access_by_IP_Range:2: error: [command is not valid in the current scope][class allowed_clients {

What am I doing wrong?
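
An added example, not part of the original post: the same allow-list check with the data group kept out of the iRule body, since the validator rejects the `class` definition at line 2 of the rule. It assumes an address-type data group named `allowed_clients` already exists as its own configuration object, and uses the `class match` form of the lookup.

```tcl
# Added example, not the poster's code.
# Assumption: "allowed_clients" is an address-type data group created
# separately from this iRule (GUI or tmsh), for example:
#   tmsh create ltm data-group internal allowed_clients type ip \
#       records add { 10.173.15.0/24 { } 10.171.105.0/24 { } \
#                     10.171.124.144/32 { } 10.171.124.145/32 { } }

# Triggered when a client - BIG-IP TCP connection is established
when CLIENT_ACCEPTED {
    # class match takes the data group name directly (no $:: prefix).
    # For an address-type data group, "equals" matches both host entries
    # and any network entry that contains the client address.
    if { [class match [IP::client_addr] equals allowed_clients] } {
        # Allowed source: nothing to do, the connection goes to the pool
        return
    }

    # Default deny: every source not in the data group is dropped.
    # The log line records rejected sources for later review.
    log local0.info "Invalid client IP: [IP::client_addr] - discarding"
    discard
}
```

`IP::client_addr` is the address of the TCP peer, so if an upstream proxy or NAT device fronts the VIP the data group has to list that device's address rather than the end client's.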
