Forum Discussion
Bhuvnesh_102719
Nimbostratus
Nimbostratusblock ssh for a node ip
hello experts,
We have a virtual server for anyip and port.
virtual V_Service_Forward_IP {
ip forward
destination any:any
mask 0.0.0.0
vlans service enable
}
Now I received a re...
Kevin_Stewart
Employee
EmployeeYou could also very easily do this with packet filter rules. The iRule will allows a full three-way handshake before denying the connection while the packet filter will stop it before that.
Otherwise your iRule might look like this:
when CLIENT_ACCEPTED {
if { [IP::addr [IP::local_addr] equals 10.xxx.xxx.xx2] and [TCP::local_port == 22] } {
log local0. "ssh request for: [IP::local_addr] from IP: [IP::client_addr] rejected by iRule blockssh"
reject
}
}
