Forum Discussion
Auto removal of IP addresses from F5 data group.
Hello,
We have been using an F5 datagroup in our org for an IP blacklisting approach. So an IP added to this data group will have its traffic rejected by our F5. Now this datagroup has IP addresses added more than 4 years ago, hence it's a long list of IPs. We are looking into automating this IP blacklist approach. I would like to know if there are any APIs in F5 that can
- blacklist an IP along with a timestamp (or at least a date)
- remove multiple IPs that match a given time frame (from start date to an end date)
- Add a removal timer while adding the IP to the blacklist data group.
See the link below as this is a good question, but yes, API is the way to go.
Think the poster also needs to address the time stamp storage. I checked the API for datagroups, and we don't support a 'description' field where an epoch timestamp would be ideal.
https://clouddocs.f5.com/api/icontrol-rest/APIRef_tm_ltm_data-group_internal.html
Instead, we can use key / value pairs. Store the IP address as NAME and the epoch time in DATA. Using this approach, it would be easy via iRule or whatever to look up a source IP against the datagroup, retrieve the last access time in epoch format, and either perform a comparison or update. Of course one could also programmatically iterate through the datagroup list and purge out old entries.
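The purge pass described in the reply above, as an added Python example that is not part of the original post or F5's own code. It assumes the data group has already been fetched as a list of `{"name": ..., "data": ...}` records; the function names, sample records and the `{"records": [...]}` update body shape are assumptions made for illustration.

```python
import json

DAY = 86400

def partition_records(records, start_epoch, end_epoch):
    """Return (keep, purge, undated) for data-group records.

    purge   -> DATA parses as an epoch inside [start_epoch, end_epoch]
    undated -> DATA missing or not an integer (legacy entries); these stay
               in keep so an unparseable record never unblocks an address
    """
    keep, purge, undated = [], [], []
    for rec in records:
        try:
            added = int(rec.get("data"))
        except (TypeError, ValueError):
            undated.append(rec)
            keep.append(rec)
            continue
        if start_epoch <= added <= end_epoch:
            purge.append(rec)
        else:
            keep.append(rec)
    return keep, purge, undated

def older_than(now_epoch, max_age_days):
    """Time frame covering everything added more than max_age_days ago."""
    return 0, now_epoch - max_age_days * DAY

def patch_body(keep):
    """JSON body carrying the surviving records (name plus data if present)."""
    recs = [{k: r[k] for k in ("name", "data") if k in r} for r in keep]
    return json.dumps({"records": recs})

# Constructed sample: documentation-range addresses, fixed "now" for repeatability.
NOW = 1_700_000_000
SAMPLE = [
    {"name": "192.0.2.10", "data": "1699990000"},    # added recently
    {"name": "198.51.100.7", "data": "1600000000"},  # added long ago
    {"name": "203.0.113.5"},                         # legacy entry, no timestamp
    {"name": "192.0.2.77", "data": "not-a-time"},    # malformed DATA
]

if __name__ == "__main__":
    keep, purge, undated = partition_records(SAMPLE, *older_than(NOW, 90))
    print("purge:", [r["name"] for r in purge])
    print("undated (kept, review by hand):", [r["name"] for r in undated])
    print(patch_body(keep))
```

The same `partition_records` call handles the "from start date to an end date" removal asked for in the question by passing the two epochs directly instead of `older_than(...)`.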
- zamroni777Nacreous
Alternatively, maintain the input data in Excel/etc., where you can put dates in it.
Then only copy and paste the IP addresses to a text file and upload it to F5 to fill the datagroup: