Forum Discussion
CirrusApply ACL to an F5 VIP (11.4.1)
Hi
"Source" Option in the WebUI under the F5 VIP only seems to allow for one subset.
"Packet filter" only seems to apply to VLAN's.
Do I have to create an iRule for this? If so, what would be the most efficient method to just match on specific source addresses and allow only that subnets. e.g. below
2 match source-address 172.18.50.0 255.255.255.0 3 match source-address 10.12.20.0 255.255.252.0 4 match source-address 10.12.25.0 255.255.255.0
In regards to 11.4.1, we are only using the /Common parition if a datagroup was the best method.
Thanks!
3 Replies
- nitass
Employee
Do I have to create an iRule for this?
you can create multiple identical virtual servers but different source. anyway, i would prefer using irule rather than multiple virtual servers.
Access Control Based On Network Or Host by Aaron
https://devcentral.f5.com/wiki/irules.AccessControlBasedOnNetworkOrHost.ashxpacket filter affects both admin and client traffic. i would prefer it as the last resource.
just my 2 cents.
TJ_VreugdenhilThank you nitass. That is helpful, however, do you know where I can find an 11.x (11.4.1) iRule example? Aaron's link includes one for 9 and 10, and not yet for 11. Would you happen to have a simple sample for 11.4.1 to allow for a group of source networks?
Thanks!
- nitass
do you know where I can find an 11.x (11.4.1) iRule example?
10.x version is also applicable for 11.x.
