For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

6 Replies

  • Ricardo73_14775's avatar
    Ricardo73_14775
    Icon for Nimbostratus rankNimbostratus
    Mar 20, 2014

    Hello Jason,

     

    I am trying to create en iRule where I can lockdown tcp port 80 and 443 and only allow a /24 subnet. I am not sure how to write that script.

     

    I have this so far for the subnet, but not for the TCP ports

     

    when CLIENT_ACCEPTED { if { not ( [class match [IP::client_addr] equals my_ip_dg] ) } { reject } }

     

    If there is another way, by all means let me know.

     

    Thank you for your help.

     

  • Vitaliy_Savrans's avatar
    Vitaliy_Savrans
    Icon for Nacreous rankNacreous
    Mar 20, 2014

    There is another way to do it, by using packet filter.

    Network / Packet Filter / Rules /Create

    the wizzard for creating rules is very simple

  • Ricardo73_14775's avatar
    Ricardo73_14775
    Icon for Nimbostratus rankNimbostratus
    Mar 20, 2014

    is this a script or where do I apply this?

     

    I want this to be permanent? would this do it? or is it better to use an iRule?

     

    Please show me the script on how to configure either one of those options.

     

    Thank you!

     

  • juergen_lampar1's avatar
    juergen_lampar1
    Icon for Nimbostratus rankNimbostratus
    Mar 25, 2014

    Hi,

     

    is there a performance difference between ACL or iRule to block or allow ports?

     

    greetings Juergen