For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jonathan_Robins's avatar
Jonathan_Robins
Icon for Nimbostratus rankNimbostratus
Aug 26, 2010

GTM iRule to block certain IPs DNS Query of a WideIP

Hello   I need to stop a GTM Wide IP from responding to client IPs unless they are in a whitelist.   Ideally the GTM would respond with an NSDOMAIN rather than drop the request.     I am...
application delivery
dev
devops
iRules
The_Bhattman's avatar
The_Bhattman
Icon for Nimbostratus rankNimbostratus
Aug 26, 2010
Hi Jonathan,

I don't believe "ne" is a valid operator in the matchclass

You can either use "!" (not) or else clause 


 when DNS_REQUEST { 
        if { ![matchclass [IP::remote_addr] eq $::ip_allowed_datagroup] } { 
             drop  
             } 
 }

-or- 


 when DNS_REQUEST { 
        if { [matchclass [IP::remote_addr] eq $::ip_allowed_datagroup] } { 
   } else { 
              drop 
         } 
 }

I hope this helps

Bhattman