Forum Discussion
Saib_175162
Nimbostratus
NimbostratusIrule Request
Hi,
I have a Big IP LTM 3600. I want to build an irule with the following requirements,
1- Allow IPs only from America and India. 2- Allow only certain IP addresses from India 3- Allow 10.0.0.0/8 for access from inside 3- Disallow everything else.
Any help would be highly appreciated.
Thanks, Maz
9 Replies
kunjanhttps://devcentral.f5.com/wiki/irules.whereis.ashx
Try this
when CLIENT_ACCEPTED { set CC [whereis [IP::client_addr] country] if { !([IP::addr [IP::client_addr] equals 10.0.0.0/8 ] or $CC equals "US" or $CC equals "IN" ) } { drop } }
Saib_175162Hi Kunjan, many thanks for your response. Sorry I am very new to this. I have a list of IPs from india that I need to allow. I can put this into an address group. Then how would I call this group into the above irule. Thanks again. BR Mazhar
kunjan_118660Cumulonimbus
https://devcentral.f5.com/wiki/irules.whereis.ashx
Try this
when CLIENT_ACCEPTED { set CC [whereis [IP::client_addr] country] if { !([IP::addr [IP::client_addr] equals 10.0.0.0/8 ] or $CC equals "US" or $CC equals "IN" ) } { drop } }- Saib_175162Hi Kunjan, many thanks for your response. Sorry I am very new to this. I have a list of IPs from india that I need to allow. I can put this into an address group. Then how would I call this group into the above irule. Thanks again. BR Mazhar
- kunjan_118660
If your address list myaddress_list
when CLIENT_ACCEPTED { set CC [whereis [IP::client_addr] country] if { !([class match [IP::client_addr] equals myaddress_list] or $CC equals "US" ) } { drop } }- Saib_175162Thank you. I will get back to you. BR
- kunjan
If your address list myaddress_list
when CLIENT_ACCEPTED { set CC [whereis [IP::client_addr] country] if { !([class match [IP::client_addr] equals myaddress_list] or $CC equals "US" ) } { drop } }- Saib_175162Thank you. I will get back to you. BR
Mazhar_Rafi_170Hello Kunjan,
In the iRule above, i want to allow world wide access but disallow few countries. Lets say china, russia and philipines. Also I want to remove the specific IP allowed list. Can you please help.
Thanks, Maz
