keefyweefy
Mar 08, 2011
Nimbostratus
Filter on source & destination
Hello all
I'm trying to write what I presumed would be a simple iRule to restrict access from a client. We have a forwarding (IP) VS for a subnet, say 192.168.1.0/24.
I'm applying the following rule to that VS; however, it isn't performing as expected:
    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::client_addr]/32 equals 192.168.2.1]
             and [IP::addr [IP::remote_addr]/32 equals 192.168.1.100] } {
            drop
        }
        elseif { [IP::addr [IP::client_addr]/32 equals 192.168.2.1]
             and [IP::addr [IP::remote_addr]/32 equals 192.168.1.101] } {
            drop
        }
    }
Connections don't get blocked from 192.168.2.1 to 192.168.1.100 or 101.
If I trim the iRule down to:
    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::client_addr]/32 equals 192.168.2.1] } {
            drop
        }
    }
Then all connections do get dropped, so the problem appears to be with the latter part of the argument.
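
An added example, not part of the original post: in the clientside context of CLIENT_ACCEPTED, `IP::remote_addr` returns the client's address (the same value as `IP::client_addr`), so the second comparison in the rule above cannot match, while `IP::local_addr` returns the address the client connected to. The log line is an addition for verifying the match and is not in the original rule.

```tcl
when CLIENT_ACCEPTED {
    # Source check: the client that should be restricted.
    if { [IP::addr [IP::client_addr] equals 192.168.2.1] } {
        # Destination check: on the clientside, IP::local_addr is the
        # address the client connected to. IP::remote_addr here would be
        # the client again and could never equal a server address.
        if { [IP::addr [IP::local_addr] equals 192.168.1.100] or
             [IP::addr [IP::local_addr] equals 192.168.1.101] } {
            # Added for verification: record the dropped flow in /var/log/ltm.
            log local0. "Dropped [IP::client_addr] -> [IP::local_addr]"
            drop
            return
        }
    }
    # Everything else falls through and is forwarded by the virtual server.
}
```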