Forum Discussion

sandy16's avatar
sandy16
Icon for Altostratus rankAltostratus
Oct 23, 2012

irule for VIP to deny all ports except a few

Hi, i have configured a VIP to listen on any port, BUT i want to restrict it only specific ports and denying rest all.   What`s the simplest way to do this?  
application delivery
dev
devops
iRules
What_Lies_Bene1's avatar
What_Lies_Bene1
Icon for Cirrostratus rankCirrostratus
Oct 23, 2012
There's two ways you can achieve this that I can think of;

 

 

1) Use a packet filter (everyone seems to prefer iRules)

 

2) Use the IP: CLIENT_ACCEPTED event and something like this (but with more ports using switch or a data group);

 

 

when CLIENT_ACCEPTED {

 

if { ! [TCP::local_port] == 80} {

 

drop

 

return

 

}

 

}