For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

smiley_dba_1116's avatar
smiley_dba_1116
Icon for Nimbostratus rankNimbostratus
May 06, 2013

Block multiple IPs

Quick question. is there a way to use a elseif/else statement to block more then one IP? I have the following iRule to block and singluar or whole subnet, but want to know how I can add an addition IP/Subnet to the rule. Thank you.

when CLIENT_ACCEPTED {
  if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
    drop
  }
}
application delivery
dev
devops
iRules

3 Replies

  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    May 07, 2013
    Try this, using a Data Group/Class; 

    
Create a Data Group (called source_ips below) with just the IP addresses 
of the hosts you’d like to accept

when CLIENT_ACCEPTED {
 if { not [class match [IP::client_addr] equals source_ips] } {
   reject }
}
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    May 09, 2013
    No it won't. If you need it the other way around remove the 'not' and put the unwanted addresses in the DG; everything else will pass.