Allowed IP relayers list via iRule?

Question

If we route our mail server through the BIG IP  - we can't successfully utilize IP based relaying allowance, at least not on the mail server side, since the mail server will only see the self IP of the LTM. 
&nbsp;  
&nbsp; Is there a way we can use an iRule to allow only a certain list of IPs to connect?

the_bhattman · Answer

You can build a irule that allows certain IPs to access the nodes or pools 
&nbsp;  
&nbsp; http://devcentral.f5.com/Wiki/default.aspx/iRules/IP__addr.html 
&nbsp;  
&nbsp; hope this helps 
&nbsp; CB &nbsp;

pjcampbell_7243 · Answer

Thanks 
&nbsp;  
&nbsp; Sounds like I was over-complicating things.  Here's a great, very easy way to do it: 
&nbsp;  
&nbsp; when CLIENT_ACCEPTED {  
&nbsp;    if { ! ( [matchclass [IP::client_addr] equals $::relay_hosts_allowed] ) } {  
&nbsp;      drop  
&nbsp;    }  
&nbsp;  } 
&nbsp;  
&nbsp;  
&nbsp; where relay_hosts_allowed is a "data list"

Forum Discussion

Allowed IP relayers list via iRule?

2 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

IRule to Allow Counries F5 13.0 Software

iRules Style Guide

iRule command to allow IP range to access specific URL

Managing Model Context Protocol in iRules - Part 3

Troubleshooting Kerberos Constrained Delegation: Strong Encryption Types Allowed for Kerberos

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS