Forum Discussion
F5 Whitelisting/ Allowing a specific range of traffic to VS
- Mar 06, 2018
Create an IP type LTM data-group. Define allowed IP/subnet values, and add optional descriptions. You can find the data-group creation page at Local Traffic - iRules - Data-group List. Example of an IP type data-group in CLI/TEXT format:
ltm data-group internal datagroup_allowed_ip {
    records {
        100.20.20.0/32 { }
        199.20.20.128/25 { }
    }
    type ip
}
Create an iRule that checks for matches against entries in datagroup_allowed_ip:
when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] eq "datagroup_allowed_ip" ] } {
        # Traffic is allowed. Client IP match found in datagroup_allowed_ip
        return
    } else {
        # Traffic is dropped. Client IP match not found in datagroup_allowed_ip
        drop
    }
}
What do you mean by not seeing any traffic hitting the iRule? Have you enabled logging on the iRule and don't see the logic getting triggered? Hannes has provided the correct iRule as per your requirement. Are you coming from the correct sources?
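To check offline which source addresses the data-group above would admit, here is an added example (not code from the thread or from F5). It parses the data-group text and mirrors the iRule's allow/drop decision; the function names and the sample client IPs are constructed for illustration, and it models only the subnet match, not BIG-IP itself.

```python
import ipaddress
import re

# Data-group text as posted in the thread above.
DATAGROUP_TEXT = """
ltm data-group internal datagroup_allowed_ip {
    records {
        100.20.20.0/32 { }
        199.20.20.128/25 { }
    }
    type ip
}
"""

def parse_ip_datagroup(text):
    """Return the networks listed in the records block of an IP data-group."""
    m = re.search(r"records\s*\{(.*)\}\s*type\s+ip", text, re.DOTALL)
    if m is None:
        raise ValueError("no 'records { ... } type ip' block found")
    tokens = m.group(1).split()
    networks = []
    for tok, nxt in zip(tokens, tokens[1:]):
        if nxt == "{":  # a record key is the token right before its '{'
            # strict=True rejects keys with host bits set, e.g. 10.0.0.5/24
            networks.append(ipaddress.ip_network(tok, strict=True))
    return networks

def decide(client_ip, networks):
    """Mirror the iRule: 'allow' on a data-group match, otherwise 'drop'."""
    addr = ipaddress.ip_address(client_ip)
    for net in networks:
        if addr.version == net.version and addr in net:
            return "allow", str(net)
    return "drop", None

if __name__ == "__main__":
    nets = parse_ip_datagroup(DATAGROUP_TEXT)
    # Constructed sample client addresses, chosen around the subnet edges.
    for ip in ("100.20.20.0", "100.20.20.7", "199.20.20.130", "199.20.20.100"):
        action, matched = decide(ip, nets)
        print(f"{ip:<15} {action:<5} {matched or '-'}")
```

The /32 record covers exactly one address and the /25 record covers 199.20.20.128 through 199.20.20.255, so sources outside those ranges take the drop branch.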