Forum Discussion
jeffnotcarl_142
Nimbostratus
Sep 12, 2014iCall for DDNS?
I'm told that an iCall may be appropriate to get around the matter of firewall allows for sites that have multiple ip addresses presented for their namespace. For example, microsoft.com may well res...
Michael_Skreeno
Employee
Sep 16, 2014Hi jeffnotcarl,
Tested working on 11.5.0 HF4. Supports multiple names in a tcl array (apparently there is no iRules class access??)
Need to add handling of CNAMEs as response, such as update.microsoft.com
First merge verify and then merge the following into your test environment with:
security firewall address-list list-microsoft.com {
addresses {
1.1.1.1 { }
}
}
security firewall address-list list-msn.com {
addresses {
1.1.1.1 { }
}
}
security firewall address-list list-update.microsoft.com {
addresses {
1.1.1.1 { }
}
}
Then you can merge in the following iCall based from The Bhattman. I changed - if {$ips ne ""}. This script will run and you should see msn.com and microsoft.com update, update.microsoft.com fails because it includes the cname as part of the +short dig response.
sys icall script firewall-ddns {
app-service none
definition {
array set mylist {
microsoft.com list-microsoft.com
msn.com list-msn.com
update.microsoft.com list-update.microsoft.com
}
foreach {key val} [array get mylist] {
set ips [exec dig +short @4.2.2.1 $key A]
if {$ips ne ""}{
tmsh::modify security firewall address-list $val addresses replace-all-with \{ $ips \}
}
}
}
description none
events none
}
sys icall handler periodic icall_ddns {
interval 30
script firewall-ddns
}
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects