For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Erik_27939's avatar
Erik_27939
Icon for Nimbostratus rankNimbostratus
Oct 23, 2013

iRule: Match a Client IP to a subnet in a datagroup

I am trying to write a rule that would take the client's ip and compare it to a subnet list in a datagroup but I am not quite sure on how that would look code wise.

 

if { [class match [IP::client_addr] contains subnet_list] } {
    Send user to instance 1
    pool dummy_pool
}

If the ip was 10.1.1.1 and the subnet in the list was 10.0.0.0/8, would that produce a match?

 

application delivery
devops
iRules

5 Replies

  • Erik_27939's avatar
    Erik_27939
    Icon for Nimbostratus rankNimbostratus
    Oct 25, 2013
    When i try to use this logic, i just get a connection reset from the LB. If i comment this logic out, it works fine.
  • Erik_27939's avatar
    Erik_27939
    Icon for Nimbostratus rankNimbostratus
    Oct 25, 2013

    Yes. I am getting this error when trying to use that logic:

    <131>Oct 25 14:24:02 lb02 err tmm7[9612]: 01220001:3: TCL error: /Common/cos_irule_lb  - invalid operator contains for IP class /Common/subnet_list (line 1)     invoked from within "class match [IP::client_addr] contains subnet_list"

  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Oct 25, 2013
    if { [class match [IP::client_addr] equals subnet_list] } {
    Send user to instance 1
    pool dummy_pool
}

    change your operator from contains to equals, if your data-group is type: ip it will do the calculation for you and match just fine.