IRule based on src IP LTM

Question

Hi&nbsp;
My plan is to allow from 2 subnets and direct to a pool, below irule is not working, if any one knows why it is not working, please share, &nbsp;
when CLIENT_ACCEPTED { 
if { [IP::addr [IP::client_addr] equals 10.x.x.x/24]}{ 
or if {[IP::addr [IP::client_addr] equals 10.x.x.x/24]}{
pool my.pool&nbsp;
}&nbsp;
Thanks in advance
}&nbsp;

ed_summers · Answer

This would be a good application for a data group. Not only would it make the rule easier to update and scale, it will make the tcl code much simpler.
Create a data group (give it a descriptive name...I'll just use 'allowed-subnets'):
create ltm data-group internal allowed-subnets type ip records add { 10.x.x.x/24 10.y.y.y/24 }
Now you can use this data group for matching in your iRule
&nbsp;
when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] eq allowed-subnets] } {
        pool my.pool
    }
}

&nbsp;
In the future, allowing additional subnets (or even host addresses) is a matter of adding to the data group. No changes to the iRule would be required.

Forum Discussion

IRule based on src IP LTM

1 Reply

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

Entra ID F5 APM MDM Intune integration compliance check

Replacing i2800 pair with new F5-BIG-AFM-r2800

Unable to download files greater than 4GB. Running version 15.1.5.1

Efficient Method to Compare F5 Configurations

F5 Big-IQ read-only API username creation.

Related Content

iRule based RADIUS Client Stack

iRule based RADIUS Health Monitor Builder

iRule based RADIUS Server Stack

Time based iRule example

iRule based 'Natural Speech' Expression Language

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS