For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jaskel_40663's avatar
jaskel_40663
Icon for Nimbostratus rankNimbostratus
Apr 24, 2009

blocking UDP ports

I have a wildcard virtual server for some UDP ports, but I would like to block client from reaching any UDP port that is lower than 6970. I have this iRule, but it doesn't seem to be behaving as I wou...
application delivery
dev
devops
iRules
jaskel_40663's avatar
jaskel_40663
Icon for Nimbostratus rankNimbostratus
Apr 24, 2009
Turns out I was just a total moron and I was getting answers from an internal DNS server that I did not want to see. I modified the code a little so I could see what was going on, so I see that my rules works well:

 

 

 

 

 
 when CLIENT_ACCEPTED { 
 set udp_start 6970 
 set udp_dst [UDP::local_port] 
 if { $udp_dst >= $udp_start } { 
 pool pool_rtsp-sjl-4-UDP 
 } else { 
 log "Someone is creepin" 
 discard 
 } 
 }

 

And here is the log statement:

 

 
 Apr 24 16:46:51 tmm tmm[2210]: 01220002:6: Rule block_udp : Someone is creepin 
 Apr 24 16:46:56 tmm tmm[2210]: 01220002:6: Rule block_udp : Someone is creepin 
 Apr 24 16:47:01 tmm tmm[2210]: 01220002:6: Rule block_udp : Someone is creepin