irule problem - allow only selected IPs

Question

Hello Guys,&nbsp;
I'm new to irules so please excuse my basic question. I'm trying to allow traffic only to the two IP addresses, but the irule below only matches the first one. Any idea why?&nbsp;
when HTTP_REQUEST {
    if { not [IP::addr [IP::remote_addr] equals 1.1.1.1] or [IP::addr [IP::remote_addr] equals 2.2.2.2]} {
        reject
    }
}&nbsp;
Thanks,
Lucas&nbsp;

michael_jenkins · Answer

Try this. You needed to put () around the IP address checks, otherwise it was checking not 1.1.1.1 or IS 2.2.2.2
when HTTP_REQUEST { 
    if { not ([IP::addr [IP::remote_addr] equals 1.1.1.1] || [IP::addr [IP::remote_addr] equals 2.2.2.2])} { 
        reject 
    }
}

michael_jenkins · Answer

Or you could try with a switch statement instead, like this:
when HTTP_REQUEST {
    switch [IP::addr [IP::remote_addr] mask 255.255.255.255] {
        "1.1.1.1" -
        "2.2.2.2" {
             Do nothing
        }
        default {
            reject
        }
    }
}

lucas_kaczmars1 · Answer

Thank you so much! It's all working fine now :-)&nbsp;

Forum Discussion

irule problem - allow only selected IPs

3 Replies

Bram - January 2026 Featured Member

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

run failover xxxxxx

Single LTM with multiple GTM domains

Question about adding VEs to existing physical appliance device group without ASM licenses

2026 301a exam

How can I measure Advanced WAF (ASM) throughput on a running BIG-IP VE (per VIP / per policy)?

Related Content

Selective SNAT with iRules

Selective SNAT problem

Selective SNAT

iRule node selection does not work

Redirect iRule problem

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS