Forum Discussion
Vlan_113259
Oct 28, 2010
Historic F5 Account
GTM iRule help with matchregion?
After reading the documentation for the new v10.1.x iRule feature for GTM, I still cannot create an iRule that the GTM will accept. Has anyone actually used this? If so, can you send me your example?
In short, what the iRule is for is to drop non-local user queries for specific wideips. In other words, if not of a local network, drop the request.
I looked into using matchclass, but this is not functional in GTM, and utilizing a data group or region would be cleaner than multiple elseif statements.
Here is the link to the feature: http://devcentral.f5.com/wiki/default.aspx/iRules/matchregion.html
This is what is documented:
Description Returns true/false if specified region is matched.
Syntax matchregion
Examples
Related Information
Valid Events: | DNS_REQUEST,DNS_RESPONSE |
Sample Code:
Introduced GTM-10.1
Here is my iRule test:
when DNS_REQUEST {
if { ! [matchregion] equals My_Region } {
} else {
drop
}
}
or
when DNS_REQUEST {
if { [matchregion] equals My_Region } {
} else {
drop
}
}
or
when DNS_REQUEST {
if { [[matchregion ip] equals My_Region] } {
} else {
drop
}
}
or
when DNS_REQUEST {
if { ! [matchregion] equals My_Region } {
} else {
drop
}
}
Note: if you place a $ or $:: as part of My_Region or if you remove the negation the iRule still fails to parse.
6 Replies
- The_Bhattman
Nimbostratus
Hi Vlan,
Have you tried the following?
when DNS_REQUEST {
if {[matchregion] ldns My_Region } {
log local0. "Drop"
drop
}
log local0. "Not Dropped"
}
- Vlan_113259
Historic F5 Account
No joy...
using the example verbatim
01070151:3: Rule [Check_Local] error:
line 2: [parse error: PARSE syntax 40 {syntax error in expression "[matchregion] ldns My_Region ": extra tokens at end of expression}] [{[matchregion] ldns My_Region }]
I went through the iRule syntax and removed any extra white space at the end of the lines to be sure that this was not causing the parse error.
- Vlan_113259
Historic F5 Account
Besides the iRule syntax, this looks like a bug with the v10.2.0.1707.0 parser. Using the following iRule, I get the error text below.
when DNS_REQUEST {
if { [[matchregion] ldns ] equals $My_Region} {
log local0. "Drop"
drop
}
log local0. "Not Dropped"
}
011c0003:3: Rule checker ::tclCheck::checkScript did not complete: invalid command name "checkSimpleArgs 1 2 { BIGIP::checkIpTuple }"
while executing
"{checkSimpleArgs 1 2 { BIGIP::checkIpTuple }} $tokens $index"
("eval" body line 1)
invoked from within
"eval $default {$tokens $index}"
(procedure "checkOption" line 14)
invoked from within
"checkOption {
{ ldns { checkSimpleArgs 1 2}}
} { {checkSimpleArgs 1 2 { BIGIP::checkIpTuple }}} $tree $index"
("eval" body line 1)
invoked from within
"eval $cmd {$tree $index}"
(procedure "tclCheck::analyzeScript" line 89)
invoked from within
"tclCheck::analyzeScript $scriptRange"
(procedure "checkScript" line 5)
invoked from within
"checkScript $range"
("command" arm line 4)
invoked from within
"switch -- $type {
variable {
set range [lindex [lindex [lindex $word 2] 0] 1]
set name [parse getstring $::tclCheck::s..."
(procedure "checkWord" line 4)
invoked from withi
- Vlan_113259
Historic F5 Account
This one actually loaded.
when DNS_REQUEST {
if { [matchregion ldns ip] equals $My_Region} {
log local0. "Drop"
drop
}
log local0. "Not Dropped"
}
- Banyan_He_9636
Historic F5 Account
The syntax matches at least. It's passed. Here is the one working for me. I tested,
when DNS_REQUEST {
if { [matchregion ldns "Region_SGI"]} {
log local0. "found"
} else {
log local0. "not found"
}
}
- wassim
Altostratus
Thanks Banyan,
I followed your way and it also works for me :-)
We have another thread here, "GTM - Topology irule", and we were trying to make it work.
http://devcentral.f5.com/Community/GroupDetails/tabid/1082223/asg/50/aft/1177240/showtab/groupforums/Default.aspx
Thanks for your help.
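The original goal of the thread (drop wide IP queries whose LDNS is outside a local region), written with the matchregion ldns "<region>" form reported working above. This is an added example, not code posted by any participant; the region name Local_Networks is a hypothetical user-defined GTM region.

```tcl
# Added example, not from the thread.
# "Local_Networks" is a hypothetical user-defined GTM region; replace it
# with the region that lists your local subnets.
when DNS_REQUEST {
    # matchregion ldns "<region>" evaluates to true when the querying LDNS
    # falls inside the named region (the form that loaded and ran in the
    # reply above). It is used directly as the condition, with no "equals".
    if { ![matchregion ldns "Local_Networks"] } {
        # Non-local LDNS: log once per query and discard it without answering.
        log local0. "Non-local LDNS, query dropped"
        drop
        return
    }
    # Local LDNS: fall through so normal wide IP resolution continues.
}
```

The negation sits outside the brackets, so the rule drops only when the LDNS is not in the region, which is the inverse of the earlier attempts that dropped on a match.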
