sandiksk_35282
Altostratus
Mar 06, 2018
F5 Whitelisting / Allowing a specific range of traffic to VS
We have a requirement to allow only a specific subnet range and IPs to access the virtual server. It would be great if you could help me with this. The VS on F5 is configured to listen only on port 443.
Hannes_Rapp
Nimbostratus
Mar 06, 2018
Create an IP type LTM data-group. Define allowed IP/subnet values, and add optional descriptions. You can find the data-group creation page at Local Traffic - iRules - Data-group List. Example of an IP type data-group in CLI/TEXT format:
    ltm data-group internal datagroup_allowed_ip {
        records {
            100.20.20.0/32 { }
            199.20.20.128/25 { }
        }
        type ip
    }
Create an iRule that checks for matches against entries in datagroup_allowed_ip
    when CLIENT_ACCEPTED {
        if { [class match [IP::client_addr] equals "datagroup_allowed_ip"] } {
            # Traffic is allowed. Client IP match found in datagroup_allowed_ip
            return
        } else {
            # Traffic is dropped. Client IP match not found in datagroup_allowed_ip
            drop
        }
    }
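An offline dry run of this allowlist, as an added example that is not part of the original answer: it parses the data-group text shown above and reports which client addresses the iRule's match would allow or drop. The function names and the test client addresses are assumptions made for illustration; note that a /32 record admits exactly one address.

```python
import ipaddress
import re

# Constructed sample: the data-group text from the answer above.
DATAGROUP_TEXT = """
ltm data-group internal datagroup_allowed_ip {
    records {
        100.20.20.0/32 { }
        199.20.20.128/25 { }
    }
    type ip
}
"""

# A record key is an address with an optional /prefix, followed by "{".
RECORD_RE = re.compile(r"^\s*([0-9A-Fa-f:.]+(?:/\d+)?)\s*\{", re.MULTILINE)


def parse_records(text):
    """Return the networks listed in the records block of an ip data-group."""
    start = text.find("records")
    if start < 0:
        raise ValueError("no records block found")
    networks = []
    for key in RECORD_RE.findall(text[start:]):
        # strict=True rejects entries with host bits set, e.g. 10.0.0.5/24
        networks.append(ipaddress.ip_network(key, strict=True))
    return networks


def is_allowed(client_ip, networks):
    """Mirror the allow/drop decision: True if any record contains the IP."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks)


def audit(clients, text=DATAGROUP_TEXT):
    """Map each client address to 'allow' or 'drop'."""
    networks = parse_records(text)
    return {ip: "allow" if is_allowed(ip, networks) else "drop" for ip in clients}


if __name__ == "__main__":
    # Constructed client addresses for the dry run.
    for ip, verdict in audit(["100.20.20.0", "100.20.20.7",
                              "199.20.20.130", "199.20.20.10"]).items():
        print(f"{ip:15} {verdict}")
```

Running the same check against the source addresses you expect to reach the virtual server shows quickly whether the data-group entries cover them.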
sandiksk_35282
Altostratus
Mar 07, 2018
I am not able to see any traffic hitting the iRule. In the data-group we specified the IP range. But I don't see any hits.