For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

superuser_22978's avatar
superuser_22978
Icon for Nimbostratus rankNimbostratus
Nov 04, 2015

irule for range of ports and a few specific ports

Hi Guys..I have request to open up ports from 56000 to 57000 and 3389,10520,10521. I have the irule as below is not working. Connections are getting refused. Please suggest.   when CLIENT_ACCEPTED...
application delivery
devops
iRules
Brad_Parker's avatar
Brad_Parker
Icon for Cirrus rankCirrus
Nov 04, 2015

Looks like just a little syntax issues. Try this.

when CLIENT_ACCEPTED {
    if { (([TCP::local_port] >= 56000) && ([TCP::local_port] <= 57000)) || ([TCP::local_port] == 3389) || ([TCP::local_port] == 10520) || ([TCP::local_port] == 10521) } {
        pool qa_pool
    }
    else {
        reject
    }
}
R_Marc_77962's avatar
R_Marc_77962
Icon for Nimbostratus rankNimbostratus
Nov 04, 2015
that will work, but if you have multiple backend pools for different ports, a switch statement is probably the way to go (it's also more readable, in my opinion) switch [TCP::local_port] { "80" {pool server-80-tcp-pool} "444" {pool server-444-tcp-pool} "443" { if { [class match [IP::client_addr] equals service_client_ip_list] }{ log local0. "Requested from service IP: [IP::client_addr] sending to server-443-tcp-service-pool" pool server-443-tcp-service-pool } else { pool server-443-tcp-pool } } "30200" {pool server-30200-tcp-pool} "30201" {pool server-30201-tcp-pool} "30202" { if {[class match [IP::client_addr] equals service_client_ip_list] }{ log local0. "Requested from IP: [IP::client_addr] send to server-30202-tcp-service-pool" pool server-30202-tcp-service-pool } else { pool server-30202-tcp-pool } } "30203" {pool server-30203-tcp-pool} "30204" {pool server-30204-tcp-pool} "30205" {pool server-30205-tcp-pool} default {discard} }