Create iRule condition with matching client IP from multiple IP subnet

Question

I need to create an iRule to check if a DNS query domain name matches a preconfigured list of domain name, AND client IP matches one of following network:
172.18.9.0/24
172.25.10.0/24

The iRule that I thought to be usable is:
when DNS_REQUEST {
set filter_list {
"abctest.example.com"

}
if  { [lsearch -exact $filter_list [DNS::question name]] ne -1 &amp;&amp; {![IP::addr [IP::client_addr] equals 172.18.9.0/24] ||![IP::addr [IP::client_addr] equals 172.25.10.0/24]}} {
    DNS::header rcode NXDOMAIN
    DNS::return
}
}

However, this condition doesn't work. DNS query that is not in above network will still have timeout message, instead of directly receive NXDomain response. I would like to know what I done wrong in my iRule condition, and feasible solution to make this iRule work properly.

abdessamad1 · Accepted Answer

I would use data-groups for host and IP matching, it's more elegant.
And try to add some logging to the irule to help you see what is going wrong.&nbsp;

Forum Discussion

Create iRule condition with matching client IP from multiple IP subnet

Recent Discussions

iRule URI rewrites don't always use the correct pool

Resolving DNS, and dynamically selecting pool

Citrix Storefront 2402 with F5 APM

ASM / WAF - Requests getting blocked due to encoded usernames

Datagroup with address and value

Related Content

Conditional XOR operations

Use switch for multiple conditions

Multiple Ways to Configure Usage Reporting in NGINX

Intermediate iRules: Nested Conditionals

Leverage F5 BIG-IP APM and Azure AD Conditional Access Easy button

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS