Forum Discussion
Block outbound connections via DNS rather than server_connected
I guess I didn't specify, but my f5 is acting as a firewall. I didn't set it up this way, but it is performing the traffic filtering, not a firewall. Would LB_SELECTED still apply in this case? I just want to drop the traffic before connecting to the remote server rather than after it connects. Would I use HTTP_REQUEST rather than SERVER_CONNECTED? If I should still use LB_SELECTED, would you mind editing my rule to show an example?
Sorry for all the questions, I'm still trying to get my head wrapped around how iRules work, especially with the way the system is configured. I really appreciate your time.
Try creating a new virtual server, where it's safe to experiment with the iRule. You can try the iRule below.
# Fires once a destination has been selected, before the server-side connection is opened.
when LB_SELECTED {
    log local0. "LB_SELECTED: debug"
    # Look up the destination's country code in the OutboundBlacklist data group.
    if { [class match [whereis [LB::server addr] country] equals "OutboundBlacklist"] } {
        log local0. "LB_SELECTED: [LB::server addr] found on OutboundBlacklist -> reject"
        reject
    }
}
# Fires after the server-side connection has been established.
when SERVER_CONNECTED {
    log local0. "SERVER_CONNECTED: debug"
    if { [class match [whereis [IP::server_addr] country] equals "OutboundBlacklist"] } {
        log local0. "SERVER_CONNECTED: [IP::server_addr] found on OutboundBlacklist -> reject"
        reject
    }
}
As you can see the iRule contains some extra logging options. You should see the output in /var/log/ltm. Try sending some traffic through your test virtual server and check the logs.
About the HTTP_REQUEST event: when this event is triggered, there is no information about the server side server IP-address yet. Remember you have the client side client, client side server, server side client and server side server IP-addresses. Your action needs to match the server side server IP-address.
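An added example, not part of the original post: one way to check the test virtual server's log output and confirm that blacklisted destinations are rejected at LB_SELECTED rather than only after the server-side connection exists. The sample lines are constructed; the syslog prefix, host name and the rule name `outbound_geo_block` are assumptions, and only the message text comes from the iRule's `log` calls above.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of /var/log/ltm output (prefix and rule name are assumptions).
SAMPLE_LTM_LOG = """\
Oct 25 10:15:01 bigip1 info tmm[11223]: Rule /Common/outbound_geo_block <LB_SELECTED>: LB_SELECTED: debug
Oct 25 10:15:01 bigip1 info tmm[11223]: Rule /Common/outbound_geo_block <LB_SELECTED>: LB_SELECTED: 203.0.113.10 found on OutboundBlacklist -> reject
Oct 25 10:15:07 bigip1 info tmm[11223]: Rule /Common/outbound_geo_block <LB_SELECTED>: LB_SELECTED: debug
Oct 25 10:15:07 bigip1 info tmm[11223]: Rule /Common/outbound_geo_block <SERVER_CONNECTED>: SERVER_CONNECTED: debug
Oct 25 10:15:07 bigip1 info tmm[11223]: Rule /Common/outbound_geo_block <SERVER_CONNECTED>: SERVER_CONNECTED: 198.51.100.7 found on OutboundBlacklist -> reject
Oct 25 10:15:12 bigip1 info tmm[11223]: Rule /Common/outbound_geo_block <LB_SELECTED>: LB_SELECTED: debug
Oct 25 10:15:12 bigip1 info tmm[11223]: Rule /Common/outbound_geo_block <SERVER_CONNECTED>: SERVER_CONNECTED: debug
"""

# Matches the two reject messages written by the iRule, capturing event and address.
REJECT_RE = re.compile(
    r"(LB_SELECTED|SERVER_CONNECTED): (\S+) found on OutboundBlacklist -> reject"
)


def rejects_by_destination(log_text):
    """Map each rejected destination IP to the set of events that rejected it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = REJECT_RE.search(line)
        if not match:
            continue  # debug lines and unrelated log entries
        event, addr = match.groups()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue  # skip entries where the address did not expand to an IP
        seen[addr].add(event)
    return dict(seen)


def late_rejects(log_text):
    """Destinations rejected only at SERVER_CONNECTED, after the connection was made."""
    by_dest = rejects_by_destination(log_text)
    return sorted(a for a, ev in by_dest.items() if ev == {"SERVER_CONNECTED"})


if __name__ == "__main__":
    for addr, events in sorted(rejects_by_destination(SAMPLE_LTM_LOG).items()):
        print(addr, sorted(events))
    print("rejected only after connect:", late_rejects(SAMPLE_LTM_LOG))
```

Any address returned by `late_rejects` reached the remote server before the reject fired, which is the case the question is trying to avoid.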
- jlb4350 (Cirrus), Oct 25, 2023
Awesome, I will definitely give this a try and report back when we do. I really appreciate your time and assistance!