Forum Discussion
arnaud_charlier
Nimbostratus
Sep 03, 2010
Block ports with an iRule
Hi all,
I have a little issue with the way we configured our virtual servers. Some of them are listening on all ports, which is a problem when we try to run a penetration test. When we scan an IP that uses such a VS, we get false open ports, which is quite annoying.
The support told me that the only way to fix that is to remove all the VS and reconfigure 1 for each of the ports we need to open. This is not something I'm really keen to do when some of the servers have about 10 ports open and we have 2 network connections; that means 20 virtual servers... reproduced on a couple of servers, and that's a terrible mess and a big process to go through.
This is what brings me here to ask you if it's possible to create an iRule to block a range of ports for a specific IP/VS.
I'm a complete newbie when it comes to iRules, so if it's possible I would appreciate some help to understand how I can do that.
Thanks!!!
2 Replies
- Hamish
Cirrocumulus
Oh... iRules above not tested... Any syntax errors are my own typing, may eat your dog or run off with your girlfriend etc...
H
- arnaud_charlier
Nimbostratus
Thank you very much for this clear and complete answer!
I'll have a look at those iRules and the packet filter and decide whether I'll do that or create all the virtual servers!
Many Thanks!
Arnaud
