Forum Discussion
ACL iRule
I'm looking for a way to create an ACL iRule - can someone guide me? Running 11.4
Allow traffic from a specific subnet ONLY access to defined VS & Deny this subnet to be able to pass traffic to any other VS & Deny all other traffic to this VS
4 Replies
- Mike_Maher
Nimbostratus
So if it is just one subnet that you are looking to control, in 11.4 you do have the ability to assign a single source subnet on the VS, and that should deny traffic from all other subnets but this one.
- tacobell911_122
Nimbostratus
Can you reference the article on where this is set up and the process, please?
- Mike_Maher
Nimbostratus
I will look for the article, but if you are running 11.4 just go into one of your VSs; it is the 5th line down, it is called Source, and the default is 0.0.0.0/0 (Allow All).
What it sounds like is a 2-part problem: Subnet X is allowed to get to VS1 but no other VS. No subnet except Subnet X is allowed to get to VS1.
With VS1 you can specify a Source under the General Properties of VS1. This will block all except Subnet X from accessing VS1. To attack the second half of your issue, you may need an iRule to prevent Subnet X from accessing VS2, 3, 4, etc. This can get unwieldy; I would suggest looking at the Network Firewall module if you have it and kill two birds with one stone. You can allow Subnet X to VS1 and prevent all others and prevent Subnet X from accessing all the other Virtual Servers.
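The two-part policy described in the reply above, written as a single iRule that would be attached to every virtual server (an added example, not part of the original thread). The subnet `10.10.10.0/24` and the virtual server name `/Common/vs1` are assumed placeholder values for "Subnet X" and "VS1".

```tcl
# Added example, not from the thread.
# Assumptions: Subnet X = 10.10.10.0/24, VS1 = /Common/vs1
# (on v11 [virtual name] returns the name with its partition path).
when RULE_INIT {
    set static::acl_subnet     "10.10.10.0/24"
    set static::acl_allowed_vs "/Common/vs1"
}

when CLIENT_ACCEPTED {
    # 1 if the client address falls inside Subnet X, else 0
    set from_subnet_x [IP::addr [IP::client_addr] equals $static::acl_subnet]
    # 1 if this connection arrived on VS1, else 0
    set on_vs1 [string equal [virtual name] $static::acl_allowed_vs]

    # Permitted combinations:
    #   Subnet X    -> VS1            (both flags 1)
    #   other hosts -> any other VS   (both flags 0)
    # Rejected combinations:
    #   Subnet X    -> any other VS
    #   other hosts -> VS1
    if { $from_subnet_x != $on_vs1 } {
        log local0.info "ACL reject: [IP::client_addr] -> [virtual name]"
        reject
        return
    }
}
```

Because the rule only takes effect on virtual servers it is attached to, any new virtual server created without it is reachable from Subnet X, which is the maintenance burden the reply calls unwieldy.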