For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

aj11's avatar
aj11
Icon for Nimbostratus rankNimbostratus
Aug 03, 2017

How do I block (packet filtering?) all external IPs?

We have a BIG-IP (F5) unit set up at a backup site. We want to lock this unit down so that no public access is allowed while not in use, and any external scans won't even know there is anything ther...
BIG-IP
LTM
security
Jeff_Maddox_394's avatar
Jeff_Maddox_394
Historic F5 Account
Aug 03, 2017

The default behavior for disabled virtual servers is to send a RST to a SYN. If you are looking for a passive drop behavior, then a packet filter rule with the action set to "discard" would do the trick.

 

aj11's avatar
aj11
Icon for Nimbostratus rankNimbostratus
Aug 03, 2017

Thanks. I created a Packet Filter rule to allow an internal subnet (First) and tried to create another rule (Last) to drop (Action: "discard") everything else where the instructions in the doc linked below say to "Enter Expression Text" with nothing in the text field, which apparently means everything (?), and I got the following error:

 

01070087:3: Packet filter rule '/Common/TestRule1': rule matches all traffic and action is not "continue"

 

https://support.f5.com/content/kb/en-us/products/big-ip_ltm/manuals/product/bigip-datacenter-firewall-config-11-1-0/_jcr_content/pdfAttach/download/file.res/BIG-IP%C2%AE_Data_Center_Firewall_Configuration_Guide.pdf

 

Why should the rule be set to "continue" rather than "discard"?