Forum Discussion
Datalist Group I rule function
when CLIENT_ACCEPTED { if { not [matchclass [IP::client_addr] equals $::Pool_Test_Allowed_List] } { Comment the line below to turn off logging. log local0. "Invalid client IP: [IP::client_addr] - discarding traffic" discard } else { Uncomment the line below to turn on logging. log local0. "Valid client IP: [IP::client_addr] - forwarding traffic" } }
I have created a new VIP on our F5 and the client requested only a certain network can access the services. I created a whitelist datalist group with the above rule. As this was used for a different service I only changed the destination of the Pool.
From reading this IRule Am I right in saying when client accepted and it equals the IP from the datalist group it will allow anything else will get dropped?
3 Replies
- Michael_Jenkins
Cirrostratus
I think your code looks good. Depending on what version you're running, you could use class instead of matchclass.
when CLIENT_ACCEPTED { if {[class match [IP::client_addr] equals Pool_Test_Allowed_List]} { Uncomment the line below to turn on logging. log local0. "Valid client IP: [IP::client_addr] - forwarding traffic" } else { Comment the line below to turn off logging. log local0. "Invalid client IP: [IP::client_addr] - discarding traffic" discard } } - avnishvyas_1974
Nimbostratus
Hi Michael J
Thanks for your response the code im running is BIG-IP 10.2.2 Build 930.0 Hotfix HF3 The reason i selected Matchclass is because I have another rule working the same function for a different whitelist I will have to try both out if this code allows me to use class instead of matchclass.
Cheers AV
- Michael_Jenkins
Cirrostratus
Gotcha. We're on v11.x, so part of the matchclass syntax fails (you can check out the matchclass wiki page for details). According to that wiki page, the matchclass is 'deprecated' in v10 in favor of the class command instead too.
Help guide the future of your DevCentral Community!
What tools do you use to collaborate? (1min - anonymous)Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com