how can i make irule to block port 25 on virtual server?

Question

hi all,
can  i block port 25 on virtual server which has service port (0) any ??&nbsp;

samir_jha_52506 · Answer

Yes. you can achieve via policy also. Please find the irule.
    when CLIENT_ACCEPTED {
 if { ([string tolower [HTTP::host]] equals "xyz.com") &amp;&amp; ([TCP::local_port] == 25)} {
        drop
    log local0. "connection dropped from [HTTP::host]"
         }
    }

stanislas_piro2 · Answer

Do you really require a Any port virtual server. 
Starting with Exchange 2013, all exchange services are on HTTPS port.
if you require it, try this irule:
when CLIENT_ACCEPTED {
    if {  [TCP::local_port] == 25} {
        TCP::respond "500 Service not available, closing transmission channel"
     }
}

arie · Answer

Blocking a single port violates the security best practices (which are often requirements) of "least privilege" and "default deny". I would recommend turning it around and allowing only what you actually need, even on a VIP that is configured to allow all ports.

yosry92_331999 · Answer

how can i block it via policy??&nbsp;

Forum Discussion

how can i make irule to block port 25 on virtual server?

4 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

In Using the AST tool am I pointing it to TENANTS or to the F5OS(hardware) I have?

Any way to cache HEAD request

can you help with getting a BigIP virtual edition serial key

VIP in https that redirect to another vip in https

2026 is Almost Here

Related Content

iControl REST Cookbook - Virtual Server (ltm virtual)

virtual server config

Syslog virtual server

Check a Virtual Server's SSL Status

iControl REST Cookbook - Virtual Server Profile (LTM Virtual Profiles)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS