Forum Discussion

Nimbostratus

Aug 03, 2017

How do I block (packet filtering?) all external IPs?

We have a BIG-IP (F5) unit set up at a backup site. We want to lock this unit down so that no public access is allowed while not in use, and any external scans won't even know there is anything ther...

Historic F5 Account

Aug 03, 2017

The default behavior for disabled virtual servers is to send a RST to a SYN. If you are looking for a passive drop behavior, then a packet filter rule with the action set to "discard" would do the trick.

Jeff_Maddox_394

Historic F5 Account

Aug 04, 2017

Anything that does not match the first rule should hit the second rule, which is basically the same as unhandled traffic. You can verify in the var/log/pktfilter file. Make sure you have console access when you test. There maybe variables that I am not aware of in your set up.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

How do I block (packet filtering?) all external IPs?

F5 Academy at AppWorld 2026

Kostas Injeyan - October 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

XC - geo LB to the origin servers

Cannot automatically add the LTM virtual server to DNS

Strict header Insertion

SSL Offloading and Backend pool https

Adding metadata to certificates objects

Related Content

Decrypting BIG-IP Packet Captures Automatically

Decrypting BIG-IP Packet Captures without iRules

UDP TCP Packet Duplication

Automating Packet Captures on BIG-IP

External Monitor Information and Templates

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS