vkoprivica_9683
May 20, 2013

Irule - Pool port range

Hi, I need help creating an iRule for a specific pool. I have an iRule named Test and I would like to have test_pool accept only connections in the port range 1024-65535. To be clear, only the above-mentioned pool needs to be affected by the iRule.

Thank you.

6 Replies

  • Are you referring to the local (source) port?

    
    when CLIENT_ACCEPTED {
        # Reject connections whose client (source) port is outside 1024-65535
        set port [TCP::client_port]
        if { $port < 1024 || $port > 65535 } {
            reject
        }
    }
    

    The above will block any connection request that has a source port less than 1024 and greater than 65535, though you'd probably be better off applying a packet filter.
  • The iRule is attached to the virtual server, so it would affect any pool that is either statically or programmatically assigned to the same virtual server.
  • Kevin, can I allow port 135 in the same iRule, or do I need to create a new VIP to allow that traffic too?
  • Yes, but it'd be easier I think to modify the logic a little bit.

    
    when CLIENT_ACCEPTED {
        # Allow client ports 1024-65535 (inclusive) plus port 135; reject the rest
        set port [TCP::client_port]
        if { ( $port >= 1024 && $port <= 65535 ) || $port == 135 } {
            return
        } else {
            reject
        }
    }
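
One of the replies notes that an iRule on the virtual server affects every pool assigned to it. One way to limit the check to test_pool, as an added example that is not part of the thread: it assumes the decision can be deferred to LB_SELECTED, where `LB::server pool` reports the chosen pool, and it keeps the client-port test used in the replies.

```tcl
# Added example, not code from the thread.
# Assumptions: the pool is named test_pool (from the question) and the
# port being filtered is the client (source) port, as in the replies.
when LB_SELECTED {
    # LB::server pool can return a partition-qualified name such as
    # /Common/test_pool, so compare only the last path element.
    set pool_name [lindex [split [LB::server pool] "/"] end]

    # Connections load balanced to any other pool are left alone.
    if { $pool_name ne "test_pool" } {
        return
    }

    set port [TCP::client_port]

    # Allow 1024-65535 inclusive, plus the port 135 exception.
    if { ($port >= 1024 && $port <= 65535) || $port == 135 } {
        return
    }

    # Log the rejection so blocked clients can be traced later.
    log local0. "Rejecting [IP::client_addr]:$port for pool $pool_name"
    reject
}
```

If the intent is to filter on the port the client connected to rather than its source port, `TCP::local_port` is the value to test on the client side.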