Forum Discussion

N_Int_282362
Feb 15, 2018

IPBlacklist check with iRules

I have a list of IP addresses in a data group called "BlackListIP", and it is defined as "String" type instead of "Address", like:

"name": "1.1.1.1, 2.2.2.2, 3.3.3.3, 4.4.4.4, 5.5.5.5, 6.6.6.6"

And I have an iRule that is used to look up the client IP address, which needs to be blocked if it matches the IP address list above:

when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] contains BlackListIP ] } {
        reject
    }
}

Let's say right now my client_addr is equal to 1.1.1.1. Logically it should work, but after testing it out, this particular iRule doesn't work as expected. Is there anything I missed here? Please shed some light.

Thanks,

  • Logically, your iRule looks ok; try adding logging to see what IP address your connection is coming in on. However, you have not included a "when" at the start of the event - this may be the cause of your problem.

    when CLIENT_ACCEPTED { 
        log local0. "IP: [IP::client_addr]"
        if {[class match [IP::client_addr] contains BlackListIP] } { 
            reject 
        } 
    }
    
  • Try splitting the client IP address on the %. The address has a % at the end. That might cause the lookup failure. Also, I used equals instead of contains. Hope this helps.

    when CLIENT_ACCEPTED { 
        set client_ip [getfield [IP::client_addr] "%" 1]
        if { [class match $client_ip equals BlackListIP ] } { 
            reject
        }
    }
    

    Also, please have a look at Kai Wilke's answer in this thread : https://devcentral.f5.com/questions?pid=48727. He did a great job helping me with a related question.
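Added example, not from the thread and not F5's own code: a stand-alone Python model of the data group lookups discussed above, so the difference between the question's single comma-separated String record, the second answer's split-on-% plus equals check, and an Address-type data group can be tested offline. The data group contents are constructed from the question; the modelling of "contains" as a substring test, "equals" as exact string comparison, and the "%<id>" route-domain suffix are assumptions labelled in the comments and may differ in detail from BIG-IP. The Address-type lookup goes beyond the thread's case by also matching CIDR networks.

```python
# Added example (not F5's code, not from the thread): a stand-alone model of how
# a data group lookup behaves for the data group types discussed above.
# ASSUMPTIONS: "contains" is modelled as "the tested item contains a data group
# key as a substring", "equals" as exact key match, and the route-domain suffix
# as the "%<id>" tail the second answer splits off. Real BIG-IP semantics may
# differ in detail; this is a teaching model, not the product's implementation.
import ipaddress

# Constructed String data group as the question describes it: ONE record whose
# name holds every address in a single comma-separated string.
STRING_DG_AS_POSTED = ["1.1.1.1, 2.2.2.2, 3.3.3.3, 4.4.4.4, 5.5.5.5, 6.6.6.6"]

# Constructed String data group with one record per address, which is what an
# exact ("equals") comparison against the client address needs.
STRING_DG_ONE_PER_RECORD = ["1.1.1.1", "2.2.2.2", "3.3.3.3",
                            "4.4.4.4", "5.5.5.5", "6.6.6.6"]

# Constructed Address-type data group: single hosts and whole networks.
ADDRESS_DG = ["1.1.1.1", "2.2.2.0/24", "10.20.0.0/16"]


def strip_route_domain(addr: str) -> str:
    """Drop a trailing '%<route-domain>' so '1.1.1.1%0' becomes '1.1.1.1'."""
    return addr.split("%", 1)[0]


def class_match_contains(item: str, keys) -> bool:
    """Model of 'class match $item contains DG': any key is a substring of item."""
    return any(key in item for key in keys)


def class_match_equals(item: str, keys) -> bool:
    """Model of 'class match $item equals DG': exact string comparison."""
    return any(item == key for key in keys)


def split_comma_record(keys):
    """Expand a record like '1.1.1.1, 2.2.2.2' into individual trimmed keys."""
    return [part.strip() for key in keys for part in key.split(",") if part.strip()]


def address_match(item: str, networks) -> bool:
    """Model of an Address-type data group: IP membership in any listed host/network."""
    ip = ipaddress.ip_address(strip_route_domain(item))
    return any(ip in ipaddress.ip_network(net, strict=False) for net in networks)


def is_blocklisted(client_addr: str) -> bool:
    """The second answer's approach: strip the route domain, then exact-match
    against a data group that holds one address per record."""
    return class_match_equals(strip_route_domain(client_addr), STRING_DG_ONE_PER_RECORD)


if __name__ == "__main__":
    # Why the posted rule misses: the only key is longer than the client address.
    print("contains vs posted record:", class_match_contains("1.1.1.1", STRING_DG_AS_POSTED))
    # Why 'contains' is risky even with one address per record: substring hit.
    print("contains 11.1.1.10:", class_match_contains("11.1.1.10", STRING_DG_ONE_PER_RECORD))
    print("equals 11.1.1.10:", class_match_equals("11.1.1.10", STRING_DG_ONE_PER_RECORD))
    # Route-domain suffix breaks 'equals' unless it is stripped first.
    print("equals with %0:", class_match_equals("1.1.1.1%0", STRING_DG_ONE_PER_RECORD))
    print("is_blocklisted 1.1.1.1%0:", is_blocklisted("1.1.1.1%0"))
    print("address_match 2.2.2.77%3:", address_match("2.2.2.77%3", ADDRESS_DG))
```

Two points the model makes visible: a single comma-separated record can never be a substring of one client address, so the posted "contains" check is always false; and once the list is one record per address, "contains" still produces false positives (a key like 1.1.1.1 is a substring of 11.1.1.10), which is why an exact comparison after stripping the route-domain suffix, or an Address-type data group, is the safer blocklist test.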