Forum Discussion

Nimbostratus

Aug 13, 2010

Creating a TCP .net iRule to reject IP

Hello All, I am tring to block IPs that are not on a "White List" and log the rejections. Because this is an application using .net and TCP I can not use the HTTP profile. I have trie...

Altostratus

Aug 13, 2010

What version are you using? If you're using a newer version of 10.x, this will be the best way to do it.

when CLIENT_ACCEPTED {
if { !( [class match [IP::client_addr] eq IPsTest] )} {
discard
log local0. "WirelessCDL: Client Rejected:[IP::client_addr]"
} }

If you're on an older version:

when CLIENT_ACCEPTED {
if { !( [matchclass [IP::client_addr] eq $::IPsTest] )} {
discard
log local0. "WirelessCDL: Client Rejected:[IP::client_addr]"
} }

Using $:: disables CMP but I can't recall whether you can reference DGs without "class match"

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)