Forum Discussion

Michael_Wood_18's avatar
Michael_Wood_18
Icon for Nimbostratus rankNimbostratus
Feb 27, 2015

Block range of IP address

I'm needing an iRule to block a range external IP addresses. Example: 106.37.0.0.0 to 106.39.255.255.255...

 

Any assistance would be appreciated, even a link to documentation that explains how to do this would be great...

 

application delivery
ASM Advanced WAF
devops
iRules
LTM
security
  • jdam_41848's avatar
    jdam_41848
    Feb 27, 2015

    Hi, I'm sure there are lots of options to do this but here is one I use.

     

    I have an iRule as shown below that references a datagroup called ipblock. Once in place you can just add either host IPs or networks into the datagroup that you want blocked.

     

    when CLIENT_ACCEPTED { if { ([ class match [IP::remote_addr] equals ipblock ]) } { reject } }

     

  • Lee_Payne_53457's avatar
    Lee_Payne_53457
    Icon for Cirrostratus rankCirrostratus
    Feb 27, 2015

    You want something like:

     

    when CLIENT_ACCEPTED { if { [IP::addr 106.37.0.0.0/13 equals [IP::client_addr]] } { drop }

     

    }

     

  • jdam_41848's avatar
    jdam_41848
    Icon for Altocumulus rankAltocumulus
    Feb 27, 2015

    Hi, I'm sure there are lots of options to do this but here is one I use.

     

    I have an iRule as shown below that references a datagroup called ipblock. Once in place you can just add either host IPs or networks into the datagroup that you want blocked.

     

    when CLIENT_ACCEPTED { if { ([ class match [IP::remote_addr] equals ipblock ]) } { reject } }