F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

smiley_dba_1116's avatar
smiley_dba_1116
Icon for Nimbostratus rankNimbostratus
Dec 06, 2012

Block external IP address from hitting VS

Can someone help me with an iRule that blocks and external IP address from hitting my VS"s?

 

External IP VS

 

177.177.177.177 -----------------------> 180.180.180.180:21

 

 

I know I would normally just add a firewall ACL, but this VS sits directly out in 'net and would like to use a iRule to issue the block.

 

Thank you!! Sincerely,

 

RGW

 

application delivery
dev
devops
iRules

3 Replies

  • Kevin_Davies_40's avatar
    Kevin_Davies_40
    Icon for Nacreous rankNacreous
    Dec 06, 2012

    when CLIENT_ACCEPTED {

     

    if {[IP::client_addr] eq "yourIPaddress"]} { reject }

     

    }

     

     

    replace yourIPaddress with the address of the client you are trying to stop.

     

    Regards

     

    Kevin

     

  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Dec 12, 2012
    Note that a Packet Filter might provide better DDoS protection. Also, using 'drop' rather than 'reject' in the iRule will prevent any response to the client at all and save a few CPU cycles, RAM bits and connections.
  • Mohamed_Lrhazi's avatar
    Mohamed_Lrhazi
    Icon for Altocumulus rankAltocumulus
    Dec 12, 2012
    Should be: 

    
when CLIENT_ACCEPTED {
  if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
    drop
  }
}

    drop also waists the attackers time, which is cool 🙂