For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jlb4350's avatar
jlb4350
Icon for Cirrus rankCirrus
Jul 19, 2022
Solved

Help tweaking my iRule

Hello all. I have an oubound virtual server that allows all traffic and protocols to any address, it's a wildcard outbound. I'm wanting to use an iRule to block outbound connections to Russia using d...
security
  • David_Larsen's avatar
    David_Larsen
    Jul 19, 2022

    The iRule is slightly wrong in that it is trying to pull out a value of RU and then matching the IP address to the value which would never happen.  I would use the framework set in the support article and do something like this:

    when SERVER_CONNECTED {
    set ipaddr [IP::remote_addr]
    set fromCountry [whereis $ipaddr country]
    if { [class match $fromCountry equals GeoIPOutboundBlockRussia] } {
         log local0. "Attacker IP [IP::client_addr]"  ;#  This can be removed/commented out if not required
         drop
    }
}

     

jlb4350's avatar
jlb4350
Icon for Cirrus rankCirrus
Jul 19, 2022

Interesting. So I should just put RU in the string field and nothing in the value field, and that will be my string record, like this:


How about the iRule, does that part look alright?

Thank you for your reply and help!

  • David_Larsen's avatar
    David_Larsen
    Icon for Employee rankEmployee
    Jul 19, 2022

    The iRule is slightly wrong in that it is trying to pull out a value of RU and then matching the IP address to the value which would never happen.  I would use the framework set in the support article and do something like this:

    when SERVER_CONNECTED {
    set ipaddr [IP::remote_addr]
    set fromCountry [whereis $ipaddr country]
    if { [class match $fromCountry equals GeoIPOutboundBlockRussia] } {
         log local0. "Attacker IP [IP::client_addr]"  ;#  This can be removed/commented out if not required
         drop
    }
}