Forum Discussion
How do you configure a CSS ACL on an F5 LTM? How would the following ACL be applied to the F5?
acl 10
clause 21 deny tcp any destination 10.95.201.2 255.255.255.255 eq telnet
clause 31 deny udp any destination 10.95.201.2 255.255.255.255 eq 161
clause 250 permit any any destination any
apply circuit-(VLAN300)
clause 38 permit any 10.0.0.0 255.0.0.0 destination 205.157.112.158 sourcegroup ibsdukext
clause 16 permit any 10.0.0.0 255.0.0.0 destination 205.157.112.134 sourcegroup Ibsdatext
clause 17 permit any 10.0.0.0 255.0.0.0 destination 205.157.112.135 sourcegroup Ibsdbeext
clause 24 permit any 10.0.0.0 255.0.0.0 destination 205.157.112.145 sourcegroup ibsdukqaleg
clause 25 permit any 10.0.0.0 255.0.0.0 destination 205.157.112.146 sourcegroup ibsdfrqaleg
2 Replies
- What_Lies_Bene1
Cirrostratus
You've a few options here:
1) Apply a Packet Filter
2) Use an iRule
3) Use AFM (which will ultimately apply a Packet Filter but is far more granular)
Any preferences?
- What_Lies_Bene1
Cirrostratus
OK, so the menu path is: Network > Packet Filters. You can apply the filter globally or per VLAN/Tunnel. It should be pretty obvious to you how to build the rules based on your requirements.
Unfortunately, without AFM, object groups and per-Virtual Server filters are not available, as far as I know. You might want to consider it. Not sure if it's free or not.
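Added example, not part of either reply and not F5 code: a Python converter that turns three of the CSS clauses from the question into tcpdump-style packet filter expressions and tmsh commands. The `css_c` rule names, reusing the clause number as the filter order, the BIG-IP VLAN name `VLAN300` and the exact tmsh form are assumptions; `sourcegroup` is returned separately because the filter expression does not carry it.

```python
import ipaddress
import re

# Constructed input: three clauses copied from the ACL in the question.
CSS_CLAUSES = """\
clause 21 deny tcp any destination 10.95.201.2 255.255.255.255 eq telnet
clause 31 deny udp any destination 10.95.201.2 255.255.255.255 eq 161
clause 38 permit any 10.0.0.0 255.0.0.0 destination 205.157.112.158 sourcegroup ibsdukext
"""
PORT_NAMES = {"telnet": 23}  # only the named port used on this page
ACTIONS = {"permit": "accept", "deny": "discard"}
CLAUSE = re.compile(
    r"clause (?P<n>\d+) (?P<act>permit|deny) (?P<proto>\S+) "
    r"(?P<src>any|\S+ \S+) destination (?P<dst>any|\S+(?: \d+\.\d+\.\d+\.\d+)?)"
    r"(?: eq (?P<port>\S+))?(?: sourcegroup (?P<sg>\S+))?$")

def _term(side, spec):
    """Turn 'any', 'ip' or 'ip mask' into an address term (None for any)."""
    if spec == "any":
        return None
    ip, _, mask = spec.partition(" ")
    net = ipaddress.ip_network(f"{ip}/{mask or '255.255.255.255'}")
    return f"{side} host {ip}" if net.prefixlen == 32 else f"{side} net {net}"

def convert(line):
    """Parse one CSS clause into order, action, expression and sourcegroup."""
    m = CLAUSE.match(line.strip())
    if not m:
        raise ValueError(f"unsupported clause: {line!r}")
    terms = [None if m["proto"] == "any" else m["proto"],
             _term("src", m["src"]), _term("dst", m["dst"])]
    if m["port"]:  # 'eq' follows the destination, so it is a destination port
        terms.append(f"dst port {PORT_NAMES.get(m['port']) or int(m['port'])}")
    expr = " and ".join(f"( {t} )" for t in terms if t)
    return {"order": int(m["n"]), "action": ACTIONS[m["act"]],
            "rule": expr, "sourcegroup": m["sg"]}

def tmsh(rule, vlan="VLAN300"):
    # Assumed tmsh form and VLAN name; check both against your TMOS version.
    return (f'create net packet-filter css_c{rule["order"]} '
            f'{{ action {rule["action"]} order {rule["order"]} '
            f'rule "{rule["rule"]}" vlan {vlan} }}')

RULES = sorted((convert(l) for l in CSS_CLAUSES.splitlines()),
               key=lambda r: r["order"])

if __name__ == "__main__":
    for r in RULES:
        print(tmsh(r))
        if r["sourcegroup"]:
            print(f"# sourcegroup {r['sourcegroup']}: handle outside the filter")
```

Review the generated expressions before loading them, and decide separately how unmatched traffic should be treated, since the converter only maps explicit clauses.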