Forum Discussion
Geethanjali_321
Nimbostratus
Oct 25, 2012
IP address filtering rule does not work
Hi All,
I wanted to create a rule to block all IP addresses except one IP address. So, I gave this rule:
when CLIENT_ACCEPTED {
    if {! [IP::addr [IP::client_addr] equals x.x.x.x] } {
    }
} ...
nitass
Employee
Oct 25, 2012
Can you put some log command to see what is going on?
e.g.
[root@ve10:Active] config b virtual bar list
virtual bar {
    snat automap
    pool foo
    destination 172.28.19.79:80
    ip protocol 6
    rules myrule
}
[root@ve10:Active] config b pool foo list
pool foo {
    members 200.200.200.101:80 {}
}
[root@ve10:Active] config b rule myrule list
rule myrule {
    when CLIENT_ACCEPTED {
        if { ! [IP::addr [IP::client_addr] equals 192.168.206.57] } {
            log local0. "Reject [IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]"
            reject
        }
    }
    when SERVER_CONNECTED {
        log local0. "Allow [IP::client_addr]:[TCP::client_port] -> [clientside {IP::local_addr}]:[clientside {TCP::local_port}] -> [IP::remote_addr]:[TCP::remote_port]"
    }
}
[root@ve10:Active] config cat /var/log/ltm
Oct 25 11:14:38 local/tmm info tmm[7926]: Rule myrule : Reject 172.28.20.11:59191 -> 172.28.19.79:80
Oct 25 11:14:52 local/tmm info tmm[7926]: Rule myrule : Allow 192.168.206.57:63448 -> 172.28.19.79:80 -> 200.200.200.101:80
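One way to check what the logging rule in the reply above recorded, as an added example that is not part of the original thread: it tallies the rule's Reject/Allow lines per client address and flags any that contradict the intended single-address allowlist. The function names `audit_ltm_rule` and `sample_ltm_lines` are hypothetical, and the last three sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Audits the "Reject"/"Allow" lines that the iRule's log
# statements write, in the format shown in the /var/log/ltm output above.
# Usage on a real box (assumption): audit_ltm_rule myrule 192.168.206.57 < /var/log/ltm
# Output: one line per client and action: "<client_ip> <action> <count> <verdict>"
audit_ltm_rule() {
    awk -v rule="$1" -v allowed="$2" '
        {
            # Find "Rule <name> : <Action> <ip>:<port>" anywhere in the line.
            for (i = 1; i <= NF - 4; i++) {
                if ($i == "Rule" && $(i+1) == rule && $(i+2) == ":") {
                    action = $(i+3)
                    if (action != "Reject" && action != "Allow") next
                    client = $(i+4)
                    sub(/:[0-9]+$/, "", client)   # drop the source port
                    count[client " " action]++
                    next
                }
            }
        }
        END {
            for (k in count) {
                split(k, p, " ")
                verdict = "ok"
                # Traffic reached the pool from an address that is not allowlisted.
                if (p[2] == "Allow" && p[1] != allowed) verdict = "UNEXPECTED_ALLOW"
                # The allowlisted address itself was rejected.
                if (p[2] == "Reject" && p[1] == allowed) verdict = "UNEXPECTED_REJECT"
                print p[1], p[2], count[k], verdict
            }
        }
    ' | sort
}

# First two lines are from the thread; the last three are constructed samples.
sample_ltm_lines() {
    cat <<'EOF'
Oct 25 11:14:38 local/tmm info tmm[7926]: Rule myrule : Reject 172.28.20.11:59191 -> 172.28.19.79:80
Oct 25 11:14:52 local/tmm info tmm[7926]: Rule myrule : Allow 192.168.206.57:63448 -> 172.28.19.79:80 -> 200.200.200.101:80
Oct 25 11:15:03 local/tmm info tmm[7926]: Rule myrule : Reject 172.28.20.11:59204 -> 172.28.19.79:80
Oct 25 11:15:10 local/tmm info tmm[7926]: Rule myrule : Allow 198.51.100.23:40112 -> 172.28.19.79:80 -> 200.200.200.101:80
Oct 25 11:15:12 local/tmm info tmm[7926]: Rule otherrule : Allow 198.51.100.99:40113 -> 172.28.19.79:80 -> 200.200.200.101:80
EOF
}

sample_ltm_lines | audit_ltm_rule myrule 192.168.206.57
```

An `UNEXPECTED_ALLOW` row means a connection reached the pool from an address outside the allowlist, so the logged client address is the value to compare against the one written in the rule.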