Forum Discussion
Dario many thanks for nice references but my concern is a bit more complex. I would like to restrict number of TCP connection just for dedicated 5 IP addresses on LAN network. I am looking for information how to create some static list of IP@ or define those host for which I just want enforce maximum number of TCP sessions. Other IP outside of list would be unrestricted. Any idea how to define such static IP list?
This is very simple to get it.
You can set a condition to not execute the additional code if the source IP doesn't match a data-group called "my_ip_dg".
when CLIENT_ACCEPTED {
if { not ( [class match [IP::client_addr] equals my_ip_dg] ) } {
return
}
}
when CLIENT_CLOSED {
if { not ( [class match [IP::client_addr] equals my_ip_dg] ) } {
return
}
}
If you have the chance, I recommend you to implement your connection limit using table variables. Here an example.
https://devcentral.f5.com/s/articles/advanced-irules-tables-20451
KR,
Dario.