Basic iRule

Question

Sirs and Ma'ams:&nbsp;
I'm new to F5 (even newer to iRules) and I'm stuck on comprehending the operators/commands. What I'm trying to do is handle traffic from Linux machines and send to one pool while Windows machines go to a separate pool. The work requirement is done by TCP port. The iRule documentation is overwhelming at this point since I have no prior coding experience. The F5 returns an error "01070151:3: Rule [/Common/iRule-redirect-Test] error: /Common/iRule-redirect-Test:2: error: [missing a script after "if"][ ]
/Common/iRule-redirect-Test:3: error: [parse error: PARSE missingBracket 84 {missing close-bracket}][{ [TCP::local_port == 80 }]
/Common/iRule-redirect-Test:7: error: [missing a script after "if"][ ]"&nbsp;
Here is what I have:&nbsp;
when CLIENT_ACCEPTED {
if { [IP::addr [IP::remote_addr] equals x.x.x.x/24] } 
if { [TCP::local_port == 80 }
{
pool HTTP-Pool
}
if { [IP::addr [IP::remote_addr] equals x.x.x.x/24] } 
if { [TCP::local_port] == 22}
{
pool SSH-Pool
}
}&nbsp;

nathe · Answer

Lboogie25, looks like there's no ] after your first TCP::local_port == 80 command.&nbsp;
This should sort but a word on your irule. As your first if statement is duplicated ie your checking the remote address, you could clean it up by using a nested if statement and using if/elseif. &nbsp;
See https://devcentral.f5.com/articles/irules-101-13-nested-conditionals for what I mean.&nbsp;
Hope this helps,&nbsp;
N&nbsp;

lboogie25_20449 · Answer

Thanks for your help, Nathan. When I added the missing bracket, that didn't help. My TCP::local_port argument is incorrect. See error message:
01070151:3: Rule [/Common/iRule-redirect-Test] error: /Common/iRule-redirect-Test:2: error: [missing a script after "if"][ ]
/Common/iRule-redirect-Test:3: error: [wrong  args][TCP::local_port == 80]
/Common/iRule-redirect-Test:7: error: [missing a script after "if"][ ]&nbsp;
I guess what I'm struggling with are the available commands. Do you know where I can find a list of available arguments/variables to manipulate?&nbsp;

lboogie25_20449 · Answer

Here is the new error message and screenshot&nbsp;
&nbsp;

mark_22062 · Answer

Because you are doing an if statement within an if statement I'd say you would need this:
 when CLIENT_ACCEPTED {
if { [IP::addr [IP::remote_addr] equals 192.168.1.1]}
{ if {[TCP::client_port equals 80} {pool Our-HTTP_Pool}}

if { [IP::addr [IP::remote_addr] equals 192.168.1.1]}
{ if {[TCP::client_port equals 22} {pool IRule-22-Test}}
}

A more elegant way would be:
 when CLIENT_ACCEPTED {
if { [IP::addr [IP::remote_addr] equals 192.168.1.1]}
{ if {[TCP::client_port equals 80} {pool Our-HTTP_Pool}}
elseif {[TCP::client_port equals 22} {pool IRule-22-Test}
}

You might want to consider what you want to do with traffic that doesn't match.

kai_wilke · Answer

Hi Lboogie25,
you may try this snippet if each pool needs a different IP address filter...
when CLIENT_ACCEPTED { 
    if { [IP::addr [IP::remote_addr] equals x.x.x.x/24] and ([TCP::local_port] == 80) } then {
        pool HTTP-Pool
    } elseif { [IP::addr [IP::remote_addr] equals x.x.x.x/24] and ( [TCP::local_port] == 22 ) } then { 
        pool SSH-Pool 
    } 
}

... or if both pools using the same IP address filter, then try this snippet...
when CLIENT_ACCEPTED { 
    if { [IP::addr [IP::remote_addr] equals x.x.x.x/24] {
        if { [TCP::local_port] == 80 } then {
            pool HTTP-Pool
        } elseif { [TCP::local_port] == 22 } then { 
            pool SSH-Pool 
        } 
    }
}

Cheers, Kai

Forum Discussion

Basic iRule

Recent Discussions

Reporting Help Needed

Switch ssl profile based on weak cipher detection via IRULE

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

full-proxy HTTP2

Related Content

iRule basic authentification on the node issue

How to allow F5 to do basic routing and allow out of order syn-acks

iRULE regsub error

owa iapp assign irule

Irule Trigger two times

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS