Forum Discussion
ipman_1988_5418
Nimbostratus
NimbostratusGeoLocation iRule Client_Accepted missing some traffic
I have an iRule that fires on client_accepted applied to a virtual forwarder (0.0.0.0) that basically forwards all tcp and udp traffic (not destined to our GTM DNS virtual). The iRule does a whereis ...
ipman_1988_5418Nimbostratus
NimbostratusI guess I should have clarified some things.
I'm not using Class A networks in my data groups. I'm using country codes and it's working. I was using Class A networks as a filter in my firewall logs just to see what was slipping by my irule.
My Geo database is from June this year (geoip-data-v6-1.0.1-20130606.63.0.i686.rpm) and I have confirmed that the IP addresses getting past the iRule match for countries that should be blocked based on the data-group list. ie, a CN China address got through 37.247.36.83 I confirmed this by using the geoip_lookup tool. I can update the database but that's not the issue here obviously.
I do have logging available in this irule. I simply removed all of the logging code to simplify the posting. Specifically I log (when enabled)
log local0. "[whereis [IP::client_addr] country] [IP::client_addr] to DST ADDR [IP::local_addr] DST Port [TCP::local_port] SRC Port [TCP::remote_port] matched against blockedoverseas"
What_Lies_Bene1Cirrostratus
Can I assume an address such as the example you've given isn't in the allowedip data group? I wonder if adding 'return' after each 'drop' might be useful in ensuring the rest of the rule doesn't run once there's a match?