
Forum Discussion

jlb4350
Cirrus
Jul 19, 2022
Solved

Help tweaking my iRule

Hello all. I have an outbound virtual server that allows all traffic and protocols to any address, it's a wildcard outbound. I'm wanting to use an iRule to block outbound connections to Russia using data referenced in a data group. I created the following data group and iRule, but it ended up blocking everything when I attached it to my wildcard outbound VS. Are there any iRule gurus who can help me tweak this? Any help is much appreciated!

Data group:

iRule:


6 Replies

    • jlb4350
      Cirrus

      Interesting. So I should just put RU in the string field and nothing in the value field, and that will be my string record, like this:


      How about the iRule, does that part look alright?

      Thank you for your reply and help!

      • David_Larsen
        Employee

        The iRule is slightly wrong in that it is trying to pull out a value of RU and then matching the IP address to the value which would never happen.  I would use the framework set in the support article and do something like this:

        when SERVER_CONNECTED {
            set ipaddr [IP::remote_addr]
            set fromCountry [whereis $ipaddr country]
            if { [class match $fromCountry equals GeoIPOutboundBlockRussia] } {
                 log local0. "Attacker IP [IP::client_addr]"  ;#  This can be removed/commented out if not required
                 drop
            }
        }
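
A variant of the country check discussed in this thread, added here as an example and not code posted by anyone in the thread. It makes the decision in CLIENT_ACCEPTED, before the server-side connection is opened, and logs the destination as well as the inside host. The data group contents in the comment are constructed, and the empty-result handling for `whereis` is an assumption to confirm on your own system.

```tcl
# Constructed data group (bigip.conf syntax), shown as a comment because it
# is configuration, not iRule code. The record name is the two-letter
# country code; the value is left empty because "class match ... equals"
# compares against the record name only.
#
#   ltm data-group internal GeoIPOutboundBlockRussia {
#       records {
#           RU { }
#       }
#       type string
#   }

when CLIENT_ACCEPTED {
    # On a wildcard virtual server, the client-side local address is the
    # destination the inside host is trying to reach.
    set dst [IP::local_addr]
    set dstCountry [whereis $dst country]

    # Assumption: whereis yields an empty country for addresses that are
    # not in the geolocation database (for example private ranges).
    # Pass those through unchanged instead of comparing an empty string.
    if { $dstCountry eq "" } {
        return
    }

    # Compare the country code, not the IP address, with the data group.
    if { [class match $dstCountry equals GeoIPOutboundBlockRussia] } {
        log local0. "Blocked outbound [IP::client_addr] -> $dst ($dstCountry)"
        drop
    }
}
```

Because the check runs on the client side of the connection, a blocked flow is dropped without the BIG-IP opening a connection to the destination.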

         

  • Perfect, I'll give that a try and see what happens tonight. I'll report back, thank you again for your help!

  • Sorry for the late reply, I've been traveling.

    I ended up piecing together a few iRules that I found to come up with this and it works perfectly. I may tweak it in the future, but this is working. It involves the countries to block access to in a data group and the iRule to reference that group: