block ssh for a node ip

Question

hello experts,
We have a virtual server for anyip and port.
virtual V_Service_Forward_IP {
   ip forward
   destination any:any
   mask 0.0.0.0
   vlans service enable
}

Now I received a request from my customer to block ssh traffic for a particular IP 10.xxx.xxx.xx2. I suppose it is possible to achieve by iRule. 
when CLIENT_ACCEPTED {
    if { [[IP::remote_addr] equals 10.xxx.xxx.xx2] and [server_port == 22]} {       
        log local0. “ssh request for: [IP:remote_addr] from IP: [IP::client_addr] rejected by iRule blockssh”
        reject
    }
}

Kindly advise if it is ok or i missed something.
Many thanks.

kevin_stewart · Answer

You could also very easily do this with packet filter rules. The iRule will allows a full three-way handshake before denying the connection while the packet filter will stop it before that.
Otherwise your iRule might look like this:
when CLIENT_ACCEPTED {
    if { [IP::addr [IP::local_addr] equals 10.xxx.xxx.xx2] and [TCP::local_port == 22] } {
        log local0. "ssh request for: [IP::local_addr] from IP: [IP::client_addr] rejected by iRule blockssh"
        reject
    } 
}

Forum Discussion

block ssh for a node ip

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

TLS handshake failure from BIG-IP to backend – Fatal Alert: Decode Error (Server SSL)

Failing over Virtual F5 VE to DR location using Zerto

Failing over of a Virtual F5 configuration to another location using Zerto restore process

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

Related Content

SSH Brute Force Protection with SSH Proxy

SSH forward proxy

Service Extensions with SSL Orchestrator: Advanced Blocking Pages

Enable telnet on SSH

Block IP after a number of ASM Blocks

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS