Forum Discussion
Geethanjali_321
Nimbostratus
NimbostratusIP address filtering rule does not work
Hi All,
I wanted to create a rule to block all IP addresses except one IP address. So, I gave this rule:
when CLIENT_ACCEPTED {
if {! [IP::addr [IP::client_addr] equals x.x.x.x] } {
}
} ...
nitass
Employee
Employeecan you put some log command to see what is going on?
e.g.
[root@ve10:Active] config b virtual bar list
bvirtual bar {
snat automap
pool foo
destination 172.28.19.79:80
ip protocol 6
rules myrule
}
[root@ve10:Active] config b pool foo list
pool foo {
members 200.200.200.101:80 {}
}
[root@ve10:Active] config b rule myrule list
rule myrule {
when CLIENT_ACCEPTED {
if { ! [IP::addr [IP::client_addr] equals 192.168.206.57] } {
log local0. "Reject [IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]"
reject
}
}
when SERVER_CONNECTED {
log local0. "Allow [IP::client_addr]:[TCP::client_port] -> [clientside {IP::local_addr}]:[clientside {TCP::local_port}] -> [IP::remote_addr]:[TCP::remote_port]"
}
}
[root@ve10:Active] config cat /var/log/ltm
Oct 25 11:14:38 local/tmm info tmm[7926]: Rule myrule : Reject 172.28.20.11:59191 -> 172.28.19.79:80
Oct 25 11:14:52 local/tmm info tmm[7926]: Rule myrule : Allow 192.168.206.57:63448 -> 172.28.19.79:80 -> 200.200.200.101:80
