For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Lee_Sutcliffe's avatar
Lee_Sutcliffe
Icon for Nacreous rankNacreous
Oct 01, 2012

IP Forwading VIP - Access List

Hi, I've put together the following iRule to prevent two subnets communicating via the virtual forwarding VIP. We have several VLANS behind the LTM and two of which cannot communicate with ea...
application delivery
dev
devops
iRules
Mohamed_Lrhazi's avatar
Mohamed_Lrhazi
Icon for Altocumulus rankAltocumulus
Oct 01, 2012

 

You could test the iRule by creating a new similar wildcard VS... just make it listen on a port unlikely to be used as destination. say port=9, or port=49899

 

 

Maybe the iRule could be simplified by using one datagroup called reject_to_from, and rule:

 

 

If client_addr in reject_to_from AND destination in reject_to_from:

 

reject