Allowed IP relayers list via iRule?

Question

If we route our mail server through the BIG IP  - we can't successfully utilize IP based relaying allowance, at least not on the mail server side, since the mail server will only see the self IP of the LTM. 
&nbsp;  
&nbsp; Is there a way we can use an iRule to allow only a certain list of IPs to connect?

the_bhattman · Answer

You can build a irule that allows certain IPs to access the nodes or pools 
&nbsp;  
&nbsp; http://devcentral.f5.com/Wiki/default.aspx/iRules/IP__addr.html 
&nbsp;  
&nbsp; hope this helps 
&nbsp; CB &nbsp;

pjcampbell_7243 · Answer

Thanks 
&nbsp;  
&nbsp; Sounds like I was over-complicating things.  Here's a great, very easy way to do it: 
&nbsp;  
&nbsp; when CLIENT_ACCEPTED {  
&nbsp;    if { ! ( [matchclass [IP::client_addr] equals $::relay_hosts_allowed] ) } {  
&nbsp;      drop  
&nbsp;    }  
&nbsp;  } 
&nbsp;  
&nbsp;  
&nbsp; where relay_hosts_allowed is a "data list"

Forum Discussion

Allowed IP relayers list via iRule?

Recent Discussions

F5 LTM listening on 3306

SNI Sites not taking correct certificate.

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

irule to enable http/2 acceleration

VS FORWARDING & ROUTE

Related Content

IRule to Allow Counries F5 13.0 Software

iRule command to allow IP range to access specific URL

iRules Style Guide

Irule for logging Allowed Response status code

allow one url from blocks geolocation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS