Forum Discussion

Nimbostratus

Jan 30, 2017

How to create an iRules that allowing multiple ports on a single VIP IP address

How to create an iRules that allowing multiple ports on a single VIP IP address. Example i have 1 VIP 10.10.10.10 with port range 50000-60000 for SFTP active, with pool member 20.20.20.20 port: 50000...

Maneesh_72711
Feb 01, 2017
Additionally with the same i-rule can you change your VIP to performance layer 4 instead of standard and then check do a tcpdump to see whether the VIP is doing a 3way handshake.

JoshBecigneul

MVP

Feb 01, 2017

It might be worthwhile to invert your logic and drop the "not" statement, to verify everything is working, then work towards flipping it back.

This is untested:

if{([TCP::local_port] > 50000 and [TCP::local_port] < 60000)} {
    permit
elseif {[TCP::local_port] == 22 }{
    permit
} else {
     Drop request
    drop
}

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

How to create an iRules that allowing multiple ports on a single VIP IP address

Recent Discussions

Client SSL Profile set to Require Client Certificate breaks RDP in APM

TS Declarations for DNS

APM file and registry key date check 8 days old

SSL bridging without SSL proxy forward

Should config via cli rather than gui?

Related Content

CSV to Address External Datagroup File

allow one url from blocks geolocation

single slot multiple core vs multiple slot single core

Ipv6 address

Multiple AD Authentication

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS