For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Goldz_180077's avatar
Goldz_180077
Icon for Nimbostratus rankNimbostratus
Jan 29, 2017
Solved

How to create an iRules that allowing multiple ports on a single VIP IP address

How to create an iRules that allowing multiple ports on a single VIP IP address. Example i have 1 VIP 10.10.10.10 with port range 50000-60000 for SFTP active, with pool member 20.20.20.20 port: 50000...
application delivery
iRules
LTM
security
  • Maneesh_72711's avatar
    Maneesh_72711
    Jan 31, 2017

    Additionally with the same i-rule can you change your VIP to performance layer 4 instead of standard and then check do a tcpdump to see whether the VIP is doing a 3way handshake.

     

Goldz_180077's avatar
Goldz_180077
Icon for Nimbostratus rankNimbostratus
Jan 30, 2017

Hi Maneesh,

I have some few questions:

  1. Do i need to create a Standard VIP with all Ports allow then associate the iRules on it.

  2. can you check if this is correct:

when CLIENT_ACCEPTED { 

 Check if requested port is outside 50000 - 60000 
if{not(([TCP::client_port] > 50000 and [TCP::client_port] < 60000) or [TCP::client_port] == 22) }{ 
    Drop request 
   drop 
}

}