how can i make irule to block port 25 on virtual server?

Question

hi all,
can  i block port 25 on virtual server which has service port (0) any ??&nbsp;

samir_jha_52506 · Answer

Yes. you can achieve via policy also. Please find the irule.
    when CLIENT_ACCEPTED {
 if { ([string tolower [HTTP::host]] equals "xyz.com") &amp;&amp; ([TCP::local_port] == 25)} {
        drop
    log local0. "connection dropped from [HTTP::host]"
         }
    }

stanislas_piro2 · Answer

Do you really require a Any port virtual server. 
Starting with Exchange 2013, all exchange services are on HTTPS port.
if you require it, try this irule:
when CLIENT_ACCEPTED {
    if {  [TCP::local_port] == 25} {
        TCP::respond "500 Service not available, closing transmission channel"
     }
}

arie · Answer

Blocking a single port violates the security best practices (which are often requirements) of "least privilege" and "default deny". I would recommend turning it around and allowing only what you actually need, even on a VIP that is configured to allow all ports.

yosry92_331999 · Answer

how can i block it via policy??&nbsp;

Forum Discussion

how can i make irule to block port 25 on virtual server?

4 Replies

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

Issue on connection limit

Wireshark Plugin for TLS

F5 Distributed Cloud Services Simulator Connect

F5 CIS -> NGINX Plus Ingress Controller Integration

Catch Dynamic CRL Errors and Return Friendly Page

Related Content

iControl REST Cookbook - Virtual Server (ltm virtual)

virtual server config

Check a Virtual Server's SSL Status

Virtual Server graphical App for F5 LTM

Three Ways to Specify Multiple Ports on a Virtual Server

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS