Forum Discussion

Cirrus

3 years ago

Solved

Help tweaking my iRule

Hello all. I have an oubound virtual server that allows all traffic and protocols to any address, it's a wildcard outbound. I'm wanting to use an iRule to block outbound connections to Russia using d...

security

David_Larsen

3 years ago

The iRule is slightly wrong in that it is trying to pull out a value of RU and then matching the IP address to the value which would never happen. I would use the framework set in the support article and do something like this:

when SERVER_CONNECTED {
    set ipaddr [IP::remote_addr]
    set fromCountry [whereis $ipaddr country]
    if { [class match $fromCountry equals GeoIPOutboundBlockRussia] } {
         log local0. "Attacker IP [IP::client_addr]"  ;#  This can be removed/commented out if not required
         drop
    }
}

David_Larsen

Employee

3 years ago

You are running into a formatting issue with your datagroup. The datagroup String should be RU and no value necessary. This is a good reference: https://support.f5.com/csp/article/K43383890.