iRule drop on geolocation or IP assistance
New to iRules and I basically want to write something like the below but am not sure how to do it.
Basically make two lists that I can edit as required to hold geolocation country codes and IP and drop a connection if neither of them
Ty in advance
set allowed_country [AU CN]
set excepted_IPs [1.2.3.4 5.6.7.9]
when CLIENT_ACCEPTED {
if {{[whereis [IP::client_addr] country] ne allowed_country} or {IP::client_addr] ne excepted_IPs }} {
drop
}
You can do it via a datagroup. Create datagroups named:
- whitelist_countries and add records with AU & CN.
- whitelist_ips and add records with 1.2.3.4 5.6.7.9
Then with the iRule, take action accordingly. You can store the details in variables for better viewing, understanding and logging. Take out the else section if you feel it is not needed.
when CLIENT_ACCEPTED {
    set country [whereis [IP::client_addr] country]
    set source [IP::client_addr]
    if { (![class match $country equals whitelist_countries]) or (![class match $source equals whitelist_ips]) } {
        log local0. "Dropping connection of Source IP: $source, Country: $country"
        drop
    } else {
        log local0. "Allowing connection of Source IP: $source, Country: $country"
    }
}
Hope it helps. Test and update back.
Note: Even if you whitelist some IPs, if they are part of a blocked country, it will drop them, because you are using an OR operation. You can use nested if logic to adjust accordingly.
- jaikumar_f5
Noctilucent
- Greasy_Pretzel
Ret. Employee
K43383890: Blocking IP addresses using the IP geolocation database and iRules
- Ravager
Altostratus
thanks all
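The nested logic mentioned in the note above, written out as an added example (not code from any poster in this thread). It drops a connection only when neither list matches. It assumes the two data groups named in the answer exist, with whitelist_ips created as an Address-type data group and whitelist_countries as a String-type data group.

```tcl
# Added example, not from the thread.
# Assumptions: whitelist_ips is an Address-type data group and
# whitelist_countries is a String-type data group holding two-letter codes.
when CLIENT_ACCEPTED {
    set source [IP::client_addr]

    # 1. Excepted IPs are allowed regardless of their country.
    if { [class match $source equals whitelist_ips] } {
        log local0. "Allowing excepted Source IP: $source"
        return
    }

    # 2. Otherwise the geolocation lookup must return a listed country.
    #    An empty lookup result is treated as not allowed.
    set country [whereis $source country]
    if { $country ne "" && [class match $country equals whitelist_countries] } {
        log local0. "Allowing connection of Source IP: $source, Country: $country"
        return
    }

    # 3. Neither list matched: log the reason and drop.
    if { $country eq "" } {
        set country "unknown"
    }
    log local0. "Dropping connection of Source IP: $source, Country: $country"
    drop
}
```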