Create iRule condition with matching client IP from multiple IP subnet

Question

I need to create an iRule to check if a DNS query domain name matches a preconfigured list of domain name, AND client IP matches one of following network:
172.18.9.0/24
172.25.10.0/24

The iRule that I thought to be usable is:
when DNS_REQUEST {
set filter_list {
"abctest.example.com"

}
if  { [lsearch -exact $filter_list [DNS::question name]] ne -1 &amp;&amp; {![IP::addr [IP::client_addr] equals 172.18.9.0/24] ||![IP::addr [IP::client_addr] equals 172.25.10.0/24]}} {
    DNS::header rcode NXDOMAIN
    DNS::return
}
}

However, this condition doesn't work. DNS query that is not in above network will still have timeout message, instead of directly receive NXDomain response. I would like to know what I done wrong in my iRule condition, and feasible solution to make this iRule work properly.

abdessamad1 · Accepted Answer

I would use data-groups for host and IP matching, it's more elegant.
And try to add some logging to the irule to help you see what is going wrong.&nbsp;

Forum Discussion

Create iRule condition with matching client IP from multiple IP subnet

Recent Discussions

Client SSL Profile set to Require Client Certificate breaks RDP in APM

TS Declarations for DNS

APM file and registry key date check 8 days old

SSL bridging without SSL proxy forward

Should config via cli rather than gui?

Related Content

Conditional XOR operations

Use switch for multiple conditions

Multiple Ways to Configure Usage Reporting in NGINX

Leverage F5 BIG-IP APM and Azure AD Conditional Access Easy button

Intermediate iRules: Nested Conditionals

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS