Forum Discussion

N_Int_282362's avatar
N_Int_282362
Icon for Nimbostratus rankNimbostratus
Feb 15, 2018

IPBlacklist check with iRules

I have list of IP addresses in Data group called "BlackListIP" and it defined as "String" type instead of "Address" like 

"name": "1.1.1.1, 2.2.2.2, 3.3.3.3, 4.4.4.4, 5.5.5.5, 6.6.6.6"

And I have iRule that use for lookup the Client IP address and need to be block if it matched IP address list above 

when CLIENT_ACCEPTED { if { [class match [IP::client_addr] contains BlackListIP ] } { reject } }

Let say, right now my client_addr equal to 1.1.1.1, Logically it should work, but after test it out this particular iRule doesn't work as expect. Anything I missed here. Please shed some light.

Thanks,

iControlREST
iRules
security
Super-NetOps
  • Lee_Sutcliffe's avatar
    Lee_Sutcliffe
    Icon for Nacreous rankNacreous
    Feb 15, 2018

    Logically, your iRule looks ok, try adding logging to see what IP address you connection is coming in on: However you have not included a 

    when
    at the start of the event - this may be the cause of your problem. 

    when CLIENT_ACCEPTED { 
    log local0. "IP: [IP::client_addr]"
    if {[class match [IP::client_addr] contains BlackListIP] } { 
        reject 
    } 
}
  • Richard__147088's avatar
    Richard__147088
    Icon for Nimbostratus rankNimbostratus
    Mar 19, 2018

    Try splitting the client ip address on the %. The address has a % at the end. That might cause the lookup failure. Also, I used equals instead of contains. Hope this helps.

    when CLIENT_ACCEPTED { 
    set client_ip [getfield [IP::client_addr] "%" 1]
    if { [class match $client_ip equals BlackListIP ] } { 
        reject
    }
}

    Also, please have a look at Kai Wilke's answer in this thread : https://devcentral.f5.com/questions?pid=48727. He did a great job helping me with a related question.