For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jlb4350's avatar
jlb4350
Icon for Cirrus rankCirrus
Oct 23, 2023

Block outbound connections via DNS rather than server_connected

I have an iRule that calls on a datagroup to block outbound traffic from my office to certain countries. The iRule is working, but I am using iRule event "server_connected" and when that occurs it ju...
devops
  • jlb4350's avatar
    jlb4350
    Icon for Cirrus rankCirrus
    Oct 23, 2023

    Interesting. Thank you for that suggestion. So just replace SERVER_CONNECTED with LB_SELECTED in the iRule? Could you elaborate some on what LB_SELECTED does? The page is quite vague about how it works...

    Thanks again for your help.

    • Niels_van_Sluis's avatar
      Niels_van_Sluis
      Icon for MVP rankMVP
      Oct 23, 2023

      In the LB_SELECTED event you can get information about which pool member is selected and take some action on it. In this event you can evaluate the results of LB::server. You can use this to replace IP::server_addr in your current iRule. See the first iRule example in the article below.

      https://clouddocs.f5.com/api/irules/LB__server.html

       

      • jlb4350's avatar
        jlb4350
        Icon for Cirrus rankCirrus
        Oct 23, 2023

        I guess I didn't specify, but my f5 is acting as a firewall. I didn't set it up this way, but it is performing the traffic filtering, not a firewall. Would LB_SELECTED still apply in this case? I just want to drop the traffic before connecting to the remote server rather than after it connects. Would I use HTTP_REQUEST rather than  SERVER_CONNECTED? If I should still use LB_SELECTED, would you mind editing my rule to show an example?

        Sorry for all the questions, I'm still trying to get my head wrapped around how iRules work, especially with the way the system is configured. I really appreciate your time.