Forum Discussion

Nimbostratus

Aug 03, 2017

How do I block (packet filtering?) all external IPs?

We have a BIG-IP (F5) unit set up at a backup site. We want to lock this unit down so that no public access is allowed while not in use, and any external scans won't even know there is anything ther...

Historic F5 Account

Aug 03, 2017

The default behavior for disabled virtual servers is to send a RST to a SYN. If you are looking for a passive drop behavior, then a packet filter rule with the action set to "discard" would do the trick.

Jeff_Maddox_394

Historic F5 Account

Aug 04, 2017

Anything that does not match the first rule should hit the second rule, which is basically the same as unhandled traffic. You can verify in the var/log/pktfilter file. Make sure you have console access when you test. There maybe variables that I am not aware of in your set up.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

How do I block (packet filtering?) all external IPs?

F5 Academies Are Back – And We’re Coming to a City Near You

Introducing the F5 Application Study Tool (AST)

Recent Discussions

F5 Health Monitor Receive String as JSON

Rewrite content in XML schema file.

DNS Request to VS?

Guide for exam 402 F5 Certified Solution Expert

HA pair when both Tenants reside on the same Velos chassis

Related Content

Decrypting BIG-IP Packet Captures without iRules

Decrypting BIG-IP Packet Captures Automatically

UDP TCP Packet Duplication

Automating Packet Captures on BIG-IP

CSV to Address External Datagroup File

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS