Forum Discussion
Dario many thanks for nice references but my concern is a bit more complex. I would like to restrict number of TCP connection just for dedicated 5 IP addresses on LAN network. I am looking for information how to create some static list of IP@ or define those host for which I just want enforce maximum number of TCP sessions. Other IP outside of list would be unrestricted. Any idea how to define such static IP list?
- Jul 26, 2019
This is very simple to get it.
You can set a condition to not execute the additional code if the source IP doesn't match a data-group called "my_ip_dg".
when CLIENT_ACCEPTED { if { not ( [class match [IP::client_addr] equals my_ip_dg] ) } { return } } when CLIENT_CLOSED { if { not ( [class match [IP::client_addr] equals my_ip_dg] ) } { return } }
If you have the chance, I recommend you to implement your connection limit using table variables. Here an example.
https://devcentral.f5.com/s/articles/advanced-irules-tables-20451
KR,
Dario.