Forum Discussion
TFL-Support_913
Nimbostratus
NimbostratusData Group Lists for iRules
Hi everyone,
We need to create an iRule to allow access to a VIP from only a certain list of IP addresses. I can see how to do this by creating an iRule that references an IP Address Data Group. The problem lies in that we have a 20,000 user network and need to restrict the access to 600 individual IP addresses. We can do some summarization but we're still looking at 500 entries into the Data Group.
Does anyone know if you can import a text file or copy and paste somehow into the IP Address Data Group to save entering 500 IP addresses?
Thanks very much in advance.
-Tim
11 Replies
- Chris_Miller
Altostratus
You could either use an external class which requires you to create a file and paste it in there...otherwise, you could simply edit the config file and paste into there. 
John_Finucane_8Another option is to look at iControl to handle the Data Group
Using the LocalLBAddress class:
getStringClassInfo();
getAddressClassInfo();
setStringClassInfo();
setAddressClassInfo();
deleteClassInfo();- Your best options are:
- Uploading a text file in the appropriate format
- Using an iControl script that's on the forums somewhere (I KNOW Joe has one for this, just gotta find it, I'll look in a minute...)
- TMSH? I'll have to check but I bet TMSH could whip this out too.
Colin 
TFL-Support_913Hi guys,
thanks a bunch for your quick replies. this sounds promising. I'll do some research on using iControl. I'm not too sure what TMSH is.
Thanks again
Tim
Chris_Klomp_115I'm new here and am trying to create the ip list to be imported as a data-group.
This is my file:
Trying to import it with the GUI, I get error: 01070626:3: The IP data group external file (/config/filestore/.stage_d/502_d/Common_d/data_group_d/:Common:banned-ip-list.file_1) has an invalid format, line: 1.6.6.16.197/32 := "host1", 6.1.17.133/32 := "host 2",Then I tried to load it from the command line and I get:
What am I doing wrong? Rgds, Chris.[chris@LTM-51:Active] ~ tmsh create /sys file data-group banned-ip-list.file separator ":=" source-path /var/class/banned-ip-list.dg type address Syntax Error: invalid property value "type":"address" [chris@LTM-51:Active] ~ tmsh create /sys file data-group banned-ip-list.file separator ":=" source-path /var/class/banned-ip-list.dg type ip curl: (3) malformed Unexpected Error: Failed! exit_code (3). [chris@LTM-51:Active] ~- You need to preceed the name of the file with
file:
file:/var/class/banned-ip-list.dg - nitass
Employee
01070626:3: The IP data group external file (/config/filestore/.stage_d/502_d/Common_d/data_group_d/:Common:banned-ip-list.file_1) has an invalid format, line: 1.have you seen "Handling Line Terminator Discrepencies" section in the following article? can you try?
v11: iRules Data Group Updates by Jason
https://devcentral.f5.com/tech-tips/articles/v11-irules-data-group-updates - Chris_Klomp_115OK I'm now getting to the invalid format error 😞
I've tried6.6.16.197/32 := "host1", 6.1.17.133/32 := "host 2","6.6.16.197/32" := "host1", "6.1.17.133/32" := "host 2",6.6.16.197 := "host1", 6.1.17.133 := "host 2",
and"6.6.16.197" := "host1", "6.1.17.133" := "host 2",
Non of them work same error:tmsh create /sys file data-group banned-ip-list.file separator ":=" source-path file:/var/class/banned-ip-list.dg type ip 01070626:3: The IP data group external file (/config/filestore/.stage_d/524_d/Common_d/data_group_d/:Common:banned-ip-list.file_1) has an invalid format, line: 1.
And I only have a \n as line separator...
What am I missing? - nitasse.g.
[root@ve11a:Active:Changes Pending] config cat /var/tmp/test.txt host 6.6.16.197 := "host1", network 6.6.17.0/24 := "host2", [root@ve11a:Active:Changes Pending] config tmsh create sys file data-group banned-ip-list separator := source-path file:/var/tmp/test.txt type ip [root@ve11a:Active:Changes Pending] config tmsh list sys file data-group banned-ip-list sys file data-group banned-ip-list { checksum SHA1:60:37aa2406b8368adf69e80ce408890d9efcbc9b3c create-time 2013-03-14:21:12:28 created-by root last-update-time 2013-03-14:21:12:28 mode 33152 revision 1 size 60 source-path file:/var/tmp/test.txt type ip updated-by root }
