For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Raymond_Feng_97's avatar
Raymond_Feng_97
Historic F5 Account
May 12, 2006

how to use matchclass work with network group

Hi, all   very easy question ,but I tried serveral times ,still not found the answer. The question is how to write the irules like below which is irule4.5 .   if( client_ip == one of hacker_...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
May 12, 2006
Hi Roy,

There are a few related posts I found that should get you started:

http://devcentral.f5.com/Default.aspx?tabid=28&view=topic&forumid=5&postid=7544

http://devcentral.f5.com/Default.aspx?tabid=28&view=topic&forumid=5&postid=7204

I think this class and rule should work for you to reject any requests coming from the host/networks defined in the class:


class my_hosts_networks_class  {
   network 10.0.0.0 mask 255.0.0.0
   host 192.168.0.100
}
rule reject_rule {
   when CLIENT_ACCEPTED {
      if { [matchclass $::my_hosts_networks_class equals ::my_hosts_networks_class ] } { 
         reject
      }
       default action is to return to VIP's configuration for handling traffic that doesn't match this rule
   }
}

Reply if you still have questions.

Aaron