Forum Discussion

kderrough_26121's avatar
kderrough_26121
Icon for Nimbostratus rankNimbostratus
Jul 24, 2018

How can i create an iRule for one VIP with multiple service ports.

For a clean look I would like to create an iRule for one VIP with 8 specific service ports. (Not a range)  
application delivery
iRules
LTM
  • Samir_Jha_52506's avatar
    Samir_Jha_52506
    Jul 25, 2018

    It's possible but you need to set VIP destination port to 0. And write irule to allow defined port and block rest of the service.

    Below irule might help...

     

        when CLIENT_ACCEPTED {
       if { [TCP::local_port] == 5540 } {
        pool test_PROD_pool1
        } elseif { [TCP::local_port] == 5580 } {
        pool test_PROD_pool2
        } else {
            reject
    }
}

     

    Cheers...

     

Samir_Jha_52506's avatar
Samir_Jha_52506
Icon for Noctilucent rankNoctilucent

It's possible but you need to set VIP destination port to 0. And write irule to allow defined port and block rest of the service.

Below irule might help...

 

    when CLIENT_ACCEPTED {
       if { [TCP::local_port] == 5540 } {
        pool test_PROD_pool1
        } elseif { [TCP::local_port] == 5580 } {
        pool test_PROD_pool2
        } else {
            reject
    }
}

 

Cheers...

 

Samir_Jha_52506's avatar
Samir_Jha_52506
Icon for Noctilucent rankNoctilucent
Jul 26, 2018

You can try with this code:

    when CLIENT_ACCEPTED {
     if {([TCP::local_port] == 443 )} { pool pool_443 } 
    elseif {([TCP::local_port] == 5554 )} { pool pool_5443 }    
    elseif {([TCP::local_port] == 8080 )} { pool pool_8080 }
    elseif {([TCP::local_port] == 4900 )} { pool pool_4900 }
    elseif {([TCP::local_port] == 4889 )} { pool pool_4889 }
    elseif {([TCP::local_port] == 8081 )} { pool pool_8081 }
    elseif {([TCP::local_port] == 7301 )} { pool pool_7301 }
    elseif {([TCP::local_port] == 7302 )} { pool pool_7302 }
    elseif {([TCP::local_port] == 7788 )} { pool pool_7788 }
    elseif {([TCP::local_port] == 7799 )} { pool pool_7799 }
    elseif {([TCP::local_port] == 9851 )} { pool pool_9851 }
    elseif {([TCP::local_port] == 9788 )} { pool pool_9788 }
    else { reject }
 }

$1 * use a data group containing pool name as value. You can add as many port in datagroup...

        ltm data-group internal DG_TCP { 
        records { 
        443 {pool_443} 
        5554 {pool_5554} 
        8080 {Pool_8080}
        4900 {pool_4900}
        4889 {pool_4889}
        xxxx {pool_xxx}
             } 
        type string 
        }

        when CLIENT_ACCEPTED {
        if {[set pool [class match -value [TCP::local_port] equals "DG_TCP"]] ne ""} {
         pool $pool
        } else {
            reject
        }
    }

cheers...