Forum Discussion

Jason_Tan_40947's avatar
Jason_Tan_40947
Icon for Nimbostratus rankNimbostratus
Feb 24, 2010

Covert ServerIron ACL into LTM iRule

Hi,

 

 

I am a beginner and need to migrate from ServerIron to F5 LTM. In the ServerIron, it has the following iRule:

 

 

(1) ip filter 1 deny 172.30.0.0 255.255.248.0 172.0.0.0 255.0.0.0 tcp eq http

 

(2) ip filter 2 deny 172.30.0.0 255.255.248.0 any tcp eq http

 

(3) ip filter 17 deny any 172.22.88.253 255.255.255.255 tcp eq http

 

 

Basically the rule above will not intercept the traffic and just forward the traffic.

 

 

 

I have tried using the following iRule for (2)

 

when CLIENT_ACCEPTED {

 

if { [matchclass [IP::client_addr] equals $::HTTP_bluecoat_bypass ]} {

 

forward

 

}

 

else {

 

pool [LB::server pool]

 

}

 

}

 

 

 

Please advise how I can include (1) & (3) into the iRule above.

 

 

Thanks!
application delivery
dev
devops
iRules
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Feb 25, 2010
    Hi Jason,

    If you want to take the same action for the other hosts/subnets in the ACL, you can add the two other entries to the HTTP_bluecoat_bypass datagroup. Also, you don't need to specify the pool command as any connections which don't match the datagroup will use the VIP's default pool. 

     
 when CLIENT_ACCEPTED { 
  
     Check if client IP is defined in the datagroup 
    if { [matchclass [IP::client_addr] equals HTTP_bluecoat_bypass]} { 
  
        Don't load balance connection--just send it on untranslated to the destination IP 
       forward 
    } 
     Default action is to use VIP's default pool 
 }

    Aaron