Forum Discussion
Block outbound connections via DNS rather than server_connected
I have an iRule that calls on a datagroup to block outbound traffic from my office to certain countries. The iRule is working, but I am using the iRule event "server_connected", and when that occurs it just drops the connection. However, I would like to drop this connection before the actual connection to the remote server occurs. The concern is that, with this iRule, a TCP handshake with the remote server still takes place. Is there a way to set this up by using a DNS query or a geolocate function, so that if the query returns that the server is in one of the countries in the blacklist datagroup, the connection is denied/rejected?
Here is my current iRule with "OutboundBlackList" being the datagroup with the list of blocked countries.
when SERVER_CONNECTED {
    # Look up the country of the selected server and check it against the data group.
    # The data group name must match the configured object exactly (referred to as
    # "OutboundBlackList" in the text above).
    if { [class match [whereis [IP::server_addr] country] equals "OutboundBlacklist"] } {
        # Connection to the remote server has already completed by this point
        reject
    }
}
Thank you for any help you can provide!
Take a look at the LB_SELECTED event. This event is called before the SERVER_CONNECTED event.
https://clouddocs.f5.com/api/irules/LB_SELECTED.html
It should be possible to put the evaluation into this event, so the connection can be rejected upfront.
- jlb4350Cirrus
Interesting. Thank you for that suggestion. So just replace SERVER_CONNECTED with LB_SELECTED in the iRule? Could you elaborate some on what LB_SELECTED does? The page is quite vague about how it works...
Thanks again for your help.
In the LB_SELECTED event you can get information about which pool member is selected and take some action on it. In this event you can evaluate the results of LB::server. You can use this to replace IP::server_addr in your current iRule. See the first iRule example in the article below.
https://clouddocs.f5.com/api/irules/LB__server.html
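The approach described in the reply above, written out as an added example (this is not the original poster's iRule or F5 documentation code). It assumes a string data group named OutboundBlackList whose entries are two-letter ISO country codes, which is the form whereis returns for the country field; the data group name and the log messages are illustrative.

```tcl
# Evaluate the destination's country in LB_SELECTED, i.e. after the load-balancing
# decision but before the server-side TCP handshake. IP::server_addr is not valid
# yet in this event, so LB::server addr is used instead.
when LB_SELECTED {
    set dst [LB::server addr]
    set country [whereis $dst country]

    # whereis returns an empty string when the address is not in the geolocation
    # database (private ranges, unlisted prefixes). Decide explicitly what to do
    # in that case rather than silently allowing it; here it is logged and allowed.
    if { $country eq "" } {
        log local0. "No geolocation data for $dst (client [IP::client_addr]); allowing"
        return
    }

    # Assumed data group: OutboundBlackList, type string, one ISO country code per entry
    if { [class match $country equals OutboundBlackList] } {
        log local0. "Blocked outbound connection from [IP::client_addr] to $dst ($country)"
        # reject sends a TCP RST to the client; no SYN is sent to the remote server
        reject
    }
}
```

To confirm the handshake no longer occurs, take a packet capture on the server-side VLAN while a client connects to a blacklisted destination: with SERVER_CONNECTED the capture shows the SYN/SYN-ACK/ACK exchange followed by the teardown, while with LB_SELECTED no server-side packets should appear for the rejected flow.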