Forum Discussion

TFL-Support_913's avatar
TFL-Support_913
Icon for Nimbostratus rankNimbostratus
Jan 27, 2011

Data Group Lists for iRules

Hi everyone,

 

 

We need to create an iRule to allow access to a VIP from only a certain list of IP addresses. I can see how to do this by creating an iRule that references an IP Address Data Group. The problem lies in that we have a 20,000 user network and need to restrict the access to 600 individual IP addresses. We can do some summarization but we're still looking at 500 entries into the Data Group.

 

 

Does anyone know if you can import a text file or copy and paste somehow into the IP Address Data Group to save entering 500 IP addresses?

 

 

Thanks very much in advance.

 

-Tim
application delivery
dev
devops
iRules

11 Replies

Sort By
  • Chris_Miller's avatar
    Chris_Miller
    Icon for Altostratus rankAltostratus
    Jan 27, 2011
    You could either use an external class which requires you to create a file and paste it in there...otherwise, you could simply edit the config file and paste into there.
  • John_Finucane_8's avatar
    John_Finucane_8
    Icon for Nimbostratus rankNimbostratus
    Jan 27, 2011
    Another option is to look at iControl to handle the Data Group

     

     

    Using the LocalLBAddress class:

     

     

    getStringClassInfo();

     

    getAddressClassInfo();

     

    setStringClassInfo();

     

    setAddressClassInfo();

     

    deleteClassInfo();
  • Colin_Walker_12's avatar
    Colin_Walker_12
    Historic F5 Account
    Jan 27, 2011
    Your best options are:

     

     

    - Uploading a text file in the appropriate format

     

    - Using an iControl script that's on the forums somewhere (I KNOW Joe has one for this, just gotta find it, I'll look in a minute...)

     

    - TMSH? I'll have to check but I bet TMSH could whip this out too.

     

     

    Colin
  • TFL-Support_913's avatar
    TFL-Support_913
    Icon for Nimbostratus rankNimbostratus
    Jan 27, 2011
    Hi guys,

     

    thanks a bunch for your quick replies. this sounds promising. I'll do some research on using iControl. I'm not too sure what TMSH is.

     

    Thanks again

     

    Tim
  • Chris_Klomp_115's avatar
    Chris_Klomp_115
    Icon for Nimbostratus rankNimbostratus
    Mar 13, 2013

    I'm new here and am trying to create the ip list to be imported as a data-group.

    This is my file:

    
6.6.16.197/32 := "host1",
6.1.17.133/32 := "host 2",

    Trying to import it with the GUI, I get error:

    01070626:3: The IP data group external file (/config/filestore/.stage_d/502_d/Common_d/data_group_d/:Common:banned-ip-list.file_1) has an invalid format, line: 1.

    Then I tried to load it from the command line and I get:

    
[chris@LTM-51:Active] ~  tmsh create /sys file data-group banned-ip-list.file separator ":=" source-path /var/class/banned-ip-list.dg type address Syntax Error: invalid property value "type":"address"
[chris@LTM-51:Active] ~  tmsh create /sys file data-group banned-ip-list.file separator ":=" source-path /var/class/banned-ip-list.dg type ip curl: (3)  malformed Unexpected Error: Failed! exit_code (3). [chris@LTM-51:Active] ~

    What am I doing wrong?

    Rgds, Chris.

  • Mark_Crosland_2's avatar
    Mark_Crosland_2
    Historic F5 Account
    Mar 13, 2013
    You need to preceed the name of the file with

     

    file:

     

     

    file:/var/class/banned-ip-list.dg

     

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Mar 14, 2013
    01070626:3: The IP data group external file (/config/filestore/.stage_d/502_d/Common_d/data_group_d/:Common:banned-ip-list.file_1) has an invalid format, line: 1.have you seen "Handling Line Terminator Discrepencies" section in the following article? can you try?

     

     

    v11: iRules Data Group Updates by Jason

     

    https://devcentral.f5.com/tech-tips/articles/v11-irules-data-group-updates
  • Chris_Klomp_115's avatar
    Chris_Klomp_115
    Icon for Nimbostratus rankNimbostratus
    Mar 14, 2013
    OK I'm now getting to the invalid format error 😞

    I've tried 

    6.6.16.197/32 := "host1",
6.1.17.133/32 := "host 2",

    "6.6.16.197/32" := "host1",
"6.1.17.133/32" := "host 2",

    6.6.16.197 := "host1",
6.1.17.133 := "host 2",

    and 

    "6.6.16.197" := "host1",
"6.1.17.133" := "host 2",

    Non of them work same error: 

    tmsh create /sys file data-group banned-ip-list.file separator ":=" source-path file:/var/class/banned-ip-list.dg type ip
01070626:3: The IP data group external file (/config/filestore/.stage_d/524_d/Common_d/data_group_d/:Common:banned-ip-list.file_1) has an invalid format, line: 1.

    And I only have a \n as line separator...

    What am I missing?

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Mar 14, 2013
    e.g. 

    [root@ve11a:Active:Changes Pending] config  cat /var/tmp/test.txt
host 6.6.16.197 := "host1",
network 6.6.17.0/24 := "host2",

[root@ve11a:Active:Changes Pending] config  tmsh create sys file data-group banned-ip-list separator := source-path file:/var/tmp/test.txt type ip

[root@ve11a:Active:Changes Pending] config  tmsh list sys file data-group banned-ip-list
sys file data-group banned-ip-list {
    checksum SHA1:60:37aa2406b8368adf69e80ce408890d9efcbc9b3c
    create-time 2013-03-14:21:12:28
    created-by root
    last-update-time 2013-03-14:21:12:28
    mode 33152
    revision 1
    size 60
    source-path file:/var/tmp/test.txt
    type ip
    updated-by root
}