Forum Discussion
Domai
Altostratus
Sep 07, 2016
iRule help to block traffic
Hello, my intention is to block traffic from countries which are not on my safe list. So I used the below iRule:
when CLIENT_ACCEPTED {
    if { not([class match [whereis [IP::client_addr] countr...
Kai_Wilke
MVP
Sep 07, 2016
Hi Domai,
Take a look at the nested iRule below. It queries [whereis [IP::client_addr] country] first and then checks if [whereis] was able to resolve a country code. If [whereis] was able to resolve a country code, it will look up the allow-country data-group, and if [whereis] was not able to resolve a country code, it will look up the allow-ip data-group. The nested approach will make sure that only a single [whereis] and [class] execution is required for each connection attempt.
when CLIENT_ACCEPTED {
    if { [set whereis_result [whereis [IP::client_addr] country]] ne "" } then {
        if { not ( [class match $whereis_result equals "allow-country"] ) } then {
            log "Dropping connection from client: [IP::client_addr], country code: $whereis_result"
            drop
        }
    } else {
        if { not ( [class match [IP::client_addr] equals "allow-ip"] ) } then {
            log "Dropping connection from client: [IP::client_addr], country code: not available"
            drop
        }
    }
}
Cheers, Kai
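The iRule above depends on two data-groups, allow-country and allow-ip, that the thread does not show. The following is an added sketch of how they could be defined in BIG-IP configuration syntax; it is not part of Kai's post. The data-group types and every record value are assumptions constructed for illustration.

```tmsh
# Added example, not from the original thread. All record values are constructed.
# Assumption: allow-country is a string data-group holding two-letter country
# codes. "equals" is an exact string comparison, so each entry has to match
# what [whereis ... country] returns character for character.
ltm data-group internal allow-country {
    records {
        DE { }
        US { }
    }
    type string
}
# Assumption: allow-ip is an address (ip) data-group, so that
# [class match [IP::client_addr] equals "allow-ip"] matches hosts and subnets
# instead of comparing text. It is only consulted when [whereis] returns an
# empty country code; any unresolved client not listed here is dropped.
ltm data-group internal allow-ip {
    records {
        10.0.0.0/8 { }
        192.168.10.25/32 { }
    }
    type ip
}
```

With the iRule as posted, an empty or missing allow-ip data-group means every client without a resolvable country code is dropped, so that list should be populated before the rule is attached to a virtual server.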