ringoseagull_77
Nov 21, 2013

Bulk add entries to Data Group List

I need to add a new data group for Office365. The admin has given me a list of 150 allowed IP addresses and networks to add, but the GUI only seems to allow one entry to be added at a time.

 

I had considered manually adding them to bigip.conf, but then I'd have the risk of syntax errors and would have to make the change on a standby box, reboot to read the config, fail over to the other box, etc. That carries a risk of error and would require change control, etc.

 

Is there a better way to do it?

 

5 Replies

  • Hamish

    Three spring to mind immediately... Undoubtedly there are more, but in order of (my personal) preference:

     

    1. You could write a script and add them via iControl (Remotely from anywhere with https access to the BigIP)
    2. Write a script and add them via tmsh (Locally on BigIP)
    3. Create the config by hand and load it using the merge option.

    I favour the 1 script because when you have multiple clusters with the same DG across them, you can just point the script at multiple units and it's as easy as the first. Updates also become easy...

     

    H

     

  • Thanks very much for your response. I don't have iControl. The tmsh option looks useful, not that I've used it before, but it's probably about time I did.

     

    In the short term using the merge command might be my quickest option as this is an immediate requirement, and look at getting some tmsh experience for next time.

     

  • Hamish

    Note that with option 2 you could write as an external script that just calls tmsh, or a full blown TCL tmsh script that runs within tmsh itself...

     

    H

     

  • Try this:

    With address list like this (address-list.txt):

    10.10.10.0/24
    10.10.20.0/24
    10.10.30.0/24
    10.10.40.0/24
    10.10.50.0/24
    10.10.60.0/24
    10.10.70.0/24
    10.10.80.0/24
    10.10.90.0/24
    

    and a simple Bash script like this:

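    #!/bin/bash

    # Add each line of address-list.txt as a record in the data group.
    while IFS= read -r p
    do
        [ -n "$p" ] || continue   # skip blank lines
        tmsh modify / ltm data-group internal private_net_test records add { "$p" }
    done < address-list.txt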
    
  • Thanks Kevin, I've opted for merge or load this time as the verify option will satisfy CAB conditions, but might use that next time.
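
Added example, not part of any reply in this thread: for the merge option with verify, this script checks every entry of address-list.txt as an IPv4 address or CIDR block and prints the data-group stanza to merge, producing nothing if any line is malformed. It assumes IPv4 only and the bigip.conf stanza layout for an internal data group of type ip; the function names and /var/tmp/dg.conf are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread). Assumptions: IPv4 entries only;
# function names and the file paths below are placeholders.

# Return 0 if $1 is a dotted-quad IPv4 address with an optional /0-32 prefix.
valid_entry() {
    case $1 in
        */*) addr=${1%/*}; prefix=${1#*/} ;;
        *)   addr=$1; prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split on dots; addr holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print a data-group stanza for list file $2; fail if any entry is invalid.
build_merge_file() {
    name=$1; n=0; bad=0; records=
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=$(printf '%s' "$line" | tr -d '[:space:]')   # drop CR and blanks
        case $line in ''|'#'*) continue ;; esac           # skip empty/comment
        if valid_entry "$line"; then
            records="${records}        ${line} { }
"
        else
            echo "line $n: rejected '$line'" >&2
            bad=1
        fi
    done < "$2"
    [ "$bad" -eq 0 ] || return 1
    printf 'ltm data-group internal %s {\n    records {\n%s    }\n    type ip\n}\n' \
        "$name" "$records"
}

# On the BIG-IP, after sourcing this file (paths are placeholders):
#   build_merge_file private_net_test address-list.txt > /var/tmp/dg.conf &&
#   tmsh load sys config merge file /var/tmp/dg.conf verify
```

The `verify` run checks the file without applying it; repeat the load without `verify` to apply.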