For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jason_Tan_40947's avatar
Jason_Tan_40947
Icon for Nimbostratus rankNimbostratus
Feb 24, 2010

Covert ServerIron ACL into LTM iRule

Hi,     I am a beginner and need to migrate from ServerIron to F5 LTM. In the ServerIron, it has the following iRule:     (1) ip filter 1 deny 172.30.0.0 255.255.248.0 172.0.0.0 ...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Feb 25, 2010
Hi Jason,

If you want to take the same action for the other hosts/subnets in the ACL, you can add the two other entries to the HTTP_bluecoat_bypass datagroup. Also, you don't need to specify the pool command as any connections which don't match the datagroup will use the VIP's default pool. 

 
 when CLIENT_ACCEPTED { 
  
     Check if client IP is defined in the datagroup 
    if { [matchclass [IP::client_addr] equals HTTP_bluecoat_bypass]} { 
  
        Don't load balance connection--just send it on untranslated to the destination IP 
       forward 
    } 
     Default action is to use VIP's default pool 
 }

Aaron