I-rule not working

Question

Hi &nbsp;
 &nbsp;
I have a i-rule to allow multiple ports but for some reason it's not working... i can connect on any port&nbsp;
when CLIENT_ACCEPTED {  &nbsp;
    if {  [TCP::client_port] == 8300 or  [TCP::client_port] == 8301 or [TCP::client_port] == 8401 or [TCP::client_port] == 8881 or [TCP::client_port] == 8880 or [TCP::client_port] == 8731 or [TCP::client_port] == 8732 or [TCP::client_port] == 4353 or [TCP::client_port] == 8733 or [TCP::client_port] == 8525 } {  &nbsp;
       drop  &nbsp;
    } &nbsp;
 }&nbsp;

what_lies_bene1 · Answer

More than two 'or' statements really isn't manageable. Can I suggest you create a Data Group of the ports you want to deny and use this;
when CLIENT_ACCEPTED { if { [class match [string [TCP::client_port] equals denied-ports ] } { drop } }

what_lies_bene1 · Answer

Actually, I think it should be TCP::local_port; 
 when CLIENT_ACCEPTED {
 if { [class match [string [TCP::local_port] equals denied-ports ] } {
   drop }
}

Forum Discussion

I-rule not working

2 Replies

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

i-rule header insert - APM

Working with MasterKeys

I-rule for adapt request "response page"

CLI syntax to change i-rule order

How do I know the rule name of the blocked rule ID in AWS F5 WAF?

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS