Forum Discussion
Goldz_180077
Jan 30, 2017Nimbostratus
How to create an iRules that allowing multiple ports on a single VIP IP address
How to create an iRules that allowing multiple ports on a single VIP IP address. Example i have 1 VIP 10.10.10.10 with port range 50000-60000 for SFTP active, with pool member 20.20.20.20 port: 50000...
- Feb 01, 2017
Additionally with the same i-rule can you change your VIP to performance layer 4 instead of standard and then check do a tcpdump to see whether the VIP is doing a 3way handshake.
Maneesh_72711
Cirrostratus
Check this link if you want to restrict it to specific ports.
https://devcentral.f5.com/questions/virtual-server-multiple-service-ports
Goldz_180077
Jan 30, 2017Nimbostratus
Hi Maneesh,
I have some few questions:
-
Do i need to create a Standard VIP with all Ports allow then associate the iRules on it.
-
can you check if this is correct:
when CLIENT_ACCEPTED {
Check if requested port is outside 50000 - 60000
if{not(([TCP::client_port] > 50000 and [TCP::client_port] < 60000) or [TCP::client_port] == 22) }{
Drop request
drop
}
}
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects