For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

TFL-Support_913's avatar
TFL-Support_913
Icon for Nimbostratus rankNimbostratus
Jan 27, 2011

Data Group Lists for iRules

Hi everyone,

 

 

We need to create an iRule to allow access to a VIP from only a certain list of IP addresses. I can see how to do this by creating an iRule that references an IP Address Data Group. The problem lies in that we have a 20,000 user network and need to restrict the access to 600 individual IP addresses. We can do some summarization but we're still looking at 500 entries into the Data Group.

 

 

Does anyone know if you can import a text file or copy and paste somehow into the IP Address Data Group to save entering 500 IP addresses?

 

 

Thanks very much in advance.

 

-Tim
application delivery
dev
devops
iRules

11 Replies

Show More
  • Michael_Yates's avatar
    Michael_Yates
    Icon for Nimbostratus rankNimbostratus
    Mar 14, 2013
    Hi Chris,

     

     

    Reading over this may help: Writing iRules look in the sub-topic "Creating, managing, and using data groups".

     

     

    Location:An external data group must reside in either the /config or the /var/class directory. The default location for storing external data groups is the /config directory.

     

     

    As far as your formatting issue I think you must specify what it is in the External Class. If it's a host it automatically appends 255.255.255.255 in the background (you will only see this if you use iControl to pull the class members) and if it's a network it appends the assigned netmask:

     

     

    host 6.6.16.197 := "host1",

     

    host 6.1.17.133 := "host2",

     

    network 192.168.1.1/24 := "network1",